General
Target: Photo01.jpg.lnk
Size: 2KB
Sample: 240131-mw991saeb9
MD5: 2b91c1d78d8e65a4a8a4c8bb89267e7f
SHA1: 37092cdcc30b44403638e19bb2b214e6fe9be2b2
SHA256: 335dbbec54330e455233417d1ce7dd7ccc0550c1c8bdf8eaf6d3e54f1c5f0b6a
SHA512: 6a2fe949bb755fb770d1c1c42cd0288a1f1ef1cb783aead550066ac3aa09c740ceaf13990f62400021adcd08432035147c21cb22f186969b3eec37784a2a370f
Static task: static1
Behavioral task: behavioral1
Sample: Photo01.jpg.lnk
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: Photo01.jpg.lnk
Resource: win10v2004-20231215-en
Malware Config
Targets
Target: Photo01.jpg.lnk
Score: 10/10
- Snake Keylogger payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext