General
-
Target
f12073d1fe5de625e27e1e4001209cb02176472fbd0f3e5910299c6e5f361890
-
Size
342KB
-
Sample
231226-zksxtafbcq
-
Static task
static1
Behavioral task
behavioral1
Sample
specifications.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
specifications.exe
Resource
win10v2004-20231215-en
Malware Config
Targets
-
Target
specifications.exe
-
Size
430KB
-
Score
10/10
-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-