General
-
Target
80570b06c9d7f7e5dadbc63e8eb9e4a608de909b7f4a68315bad25fa594ab4b7.exe
-
Size
239KB
-
Sample
231205-rqn7tabh76
-
MD5
12e099a0fd22ab8fc64e00b4047d2d7d
-
SHA1
928b5790c0c67faed8edd7fc5bf66d679907c7d2
-
SHA256
80570b06c9d7f7e5dadbc63e8eb9e4a608de909b7f4a68315bad25fa594ab4b7
-
SHA512
00e0c8b3050b5a555ef02cc8f67f074b8ab7bab7dbd44aadaa50763a40a2ef4588ddf7a30bd5c32c8d505aecda4496c923bfe0b83cc526f128a2d91e19df902e
-
SSDEEP
6144:H0oy7KYoDObRpokvvXB+622SL5Y3IedceucOBY43bR:ldkvvXB+3U3IedIBY43b
Static task
static1
Behavioral task
behavioral1
Sample
80570b06c9d7f7e5dadbc63e8eb9e4a608de909b7f4a68315bad25fa594ab4b7.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
80570b06c9d7f7e5dadbc63e8eb9e4a608de909b7f4a68315bad25fa594ab4b7.exe
Resource
win10v2004-20231130-en
Malware Config
Targets
-
-
Target
80570b06c9d7f7e5dadbc63e8eb9e4a608de909b7f4a68315bad25fa594ab4b7.exe
-
Size
239KB
-
MD5
12e099a0fd22ab8fc64e00b4047d2d7d
-
SHA1
928b5790c0c67faed8edd7fc5bf66d679907c7d2
-
SHA256
80570b06c9d7f7e5dadbc63e8eb9e4a608de909b7f4a68315bad25fa594ab4b7
-
SHA512
00e0c8b3050b5a555ef02cc8f67f074b8ab7bab7dbd44aadaa50763a40a2ef4588ddf7a30bd5c32c8d505aecda4496c923bfe0b83cc526f128a2d91e19df902e
-
SSDEEP
6144:H0oy7KYoDObRpokvvXB+622SL5Y3IedceucOBY43bR:ldkvvXB+3U3IedIBY43b
-
Snake Keylogger payload
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3Modify Registry
4Virtualization/Sandbox Evasion
2