General
Target: FACTURA065000000.exe
Size: 328KB
Sample: 231022-h62neafg67
MD5: ff81a14b73d0578f174ac77fda9afd59
SHA1: d6a94b13cd5bbc2bf9c611ef22420dc3310535f9
SHA256: d6e68eab347e95b242f3f1ea311f8a219253b6e9a95ad198d6b574fee149f2e0
SHA512: be966461531bd09f896357357bc5345dfc9d6237ab578a3c866e308b749410530bdef06a1fe4de81736149e2e381924954a534b86a23075f7962fc725c0d3426
SSDEEP: 6144:UnPdudwD/EVDiMyfb+hYffxzElzvWVI9SrSLi1pS8Jqzrbh77f9U+:UnPdLbnb+OffpTI9xOqzJ39R
Static task: static1
Behavioral task: behavioral1
  Sample: FACTURA065000000.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: FACTURA065000000.exe
  Resource: win10v2004-20231020-en
Malware Config
Targets
Target: FACTURA065000000.exe
- Snake Keylogger payload
- Executes dropped EXE
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext