General
-
Target
018ccb52b75e10cd4a45aa22aa7b2342.exe
-
Size
304KB
-
Sample
231011-htblfsag23
-
MD5
018ccb52b75e10cd4a45aa22aa7b2342
-
SHA1
7f0033b4a3958e14d1959555bbfbd58e667d460b
-
SHA256
085432a1c99fa59ffaf3838e1a987e17df690bfd19fe6ad001ee7d9d6fba3eb4
-
SHA512
13497efa83635329a0381f5e447bd47bd29bf7d1634c3909cb0537148d54e348c1455faa6b0246365d165eb1626a65a21acd410d70309ba40bfd6f73ef4c1e8f
-
SSDEEP
6144:hnPdudwDvX6XTt3LWygobl2qgZbyWI2ku6nQ+i1ic3OYBsXA7L:hnPdj6ZKygjq0IZnK1wYMy
Static task
static1
Behavioral task
behavioral1
Sample
018ccb52b75e10cd4a45aa22aa7b2342.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
018ccb52b75e10cd4a45aa22aa7b2342.exe
Resource
win10v2004-20230915-en
Malware Config
Targets
-
-
Target
018ccb52b75e10cd4a45aa22aa7b2342.exe
-
Size
304KB
-
MD5
018ccb52b75e10cd4a45aa22aa7b2342
-
SHA1
7f0033b4a3958e14d1959555bbfbd58e667d460b
-
SHA256
085432a1c99fa59ffaf3838e1a987e17df690bfd19fe6ad001ee7d9d6fba3eb4
-
SHA512
13497efa83635329a0381f5e447bd47bd29bf7d1634c3909cb0537148d54e348c1455faa6b0246365d165eb1626a65a21acd410d70309ba40bfd6f73ef4c1e8f
-
SSDEEP
6144:hnPdudwDvX6XTt3LWygobl2qgZbyWI2ku6nQ+i1ic3OYBsXA7L:hnPdj6ZKygjq0IZnK1wYMy
-
Snake Keylogger payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-