General
-
Target
1ef15ee78f20dc055b39249c613a484f
-
Size
1008KB
-
Sample
231221-21j1ysgffj
-
MD5
1ef15ee78f20dc055b39249c613a484f
-
SHA1
16ab6442b5711eb54e54d36d780d0b18a0207f60
-
SHA256
f9123271679daa738822e490f6d71f27a8478ad773a2a60b261b31c3ecb72782
-
SHA512
8a6764785c60314c81ede797176d53211920bd037fa8d0f3f20758918f00a84ec757644039d5945ca4e6688a4bf7bc41f4a0aba146a5da7e0423825c192613d2
-
SSDEEP
24576:HHNiHXt734s2lrIrxT7ZhNlT7dkcOs/h/0S/:HtiHXtDImhX7ecOs/h/0S
Static task
static1
Behavioral task
behavioral1
Sample
1ef15ee78f20dc055b39249c613a484f.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
1ef15ee78f20dc055b39249c613a484f.exe
Resource
win10v2004-20231215-en
Malware Config
Targets
Score
10/10
-
Snake Keylogger payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-