General

Target: KcOX.exe
Size: 609KB
Sample: 231201-zmp9psga94
MD5: fe03b712d2e463fdeb67f9f9f2d98fc9
SHA1: d978aed329e47d47791e13f31fc4aa823e545f89
SHA256: 1ab6ad1baf7099b79f78d5cc575dc08d33320b1f607b6fa038432c3a27fb2dfd
SHA512: 170ca520c7a9489f8245ae18fb3fa5aa7bc1441d183daa4f72e34a3bbbd393ca46427c25a3809fd805c19348eebf880f1b51c4c147b0ddeac8f1aad02fcd3a03
SSDEEP: 12288:hMdIt/5J/tXcPl1RWLDmJr4YoKnE5ZrZ4YIfjwIF7:iWBJZ0lSuEbT5ZrlI7ws7

Static task: static1

Behavioral task: behavioral1
Sample: KcOX.exe
Resource: win7-20231023-en

Behavioral task: behavioral2
Sample: KcOX.exe
Resource: win10v2004-20231127-en

Malware Config
Targets
Target: KcOX.exe
Score: 10/10

Snake Keylogger payload

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Accesses Microsoft Outlook profiles

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext