General
Target: Image012.png.lnk
Size: 2KB
Sample: 240131-mw991sccel
MD5: 395be4940bf35809d5bcfe58646b278c
SHA1: 02b01088e3bb584641281c36118c930f3c9b963d
SHA256: 4c5fe2c863349aa4f43dd9f9f932dac11576832a12bc5e84b840c09c1308f540
SHA512: 9add65f4de5ef386b7191ac869ca1801dcdd9525189fdb94a5d86c82c4c51d983e3966ef148f392d48382588ed8882ea25120dcbd6bc8d8a7e63e362e6b2929b
Static task: static1
Behavioral task: behavioral1
Sample: Image012.png.lnk
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: Image012.png.lnk
Resource: win10v2004-20231222-en
Malware Config
Targets
Target: Image012.png.lnk
Score: 10/10
Snake Keylogger payload
Blocklisted process makes network request
Downloads MZ/PE file
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Accesses Microsoft Outlook profiles
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext