General
-
Target
80570b06c9d7f7e5dadbc63e8eb9e4a608de909b7f4a68315bad25fa594ab4b7
-
Size
239KB
-
Sample
231205-rqrb6sbe7s
-
MD5
12e099a0fd22ab8fc64e00b4047d2d7d
-
SHA1
928b5790c0c67faed8edd7fc5bf66d679907c7d2
-
SHA256
80570b06c9d7f7e5dadbc63e8eb9e4a608de909b7f4a68315bad25fa594ab4b7
-
SHA512
00e0c8b3050b5a555ef02cc8f67f074b8ab7bab7dbd44aadaa50763a40a2ef4588ddf7a30bd5c32c8d505aecda4496c923bfe0b83cc526f128a2d91e19df902e
-
SSDEEP
6144:H0oy7KYoDObRpokvvXB+622SL5Y3IedceucOBY43bR:ldkvvXB+3U3IedIBY43b
Static task
static1
Behavioral task
behavioral1
Sample
80570b06c9d7f7e5dadbc63e8eb9e4a608de909b7f4a68315bad25fa594ab4b7.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
80570b06c9d7f7e5dadbc63e8eb9e4a608de909b7f4a68315bad25fa594ab4b7.exe
Resource
win10v2004-20231127-en
Malware Config
Targets
-
-
Target
80570b06c9d7f7e5dadbc63e8eb9e4a608de909b7f4a68315bad25fa594ab4b7
-
Size
239KB
-
MD5
12e099a0fd22ab8fc64e00b4047d2d7d
-
SHA1
928b5790c0c67faed8edd7fc5bf66d679907c7d2
-
SHA256
80570b06c9d7f7e5dadbc63e8eb9e4a608de909b7f4a68315bad25fa594ab4b7
-
SHA512
00e0c8b3050b5a555ef02cc8f67f074b8ab7bab7dbd44aadaa50763a40a2ef4588ddf7a30bd5c32c8d505aecda4496c923bfe0b83cc526f128a2d91e19df902e
-
SSDEEP
6144:H0oy7KYoDObRpokvvXB+622SL5Y3IedceucOBY43bR:ldkvvXB+3U3IedIBY43b
-
Snake Keylogger payload
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3Modify Registry
4Virtualization/Sandbox Evasion
2