General
-
Target
PARA SVIFT.exe
-
Size
645KB
-
Sample
240201-knqjjahhgl
-
MD5
47993e39bf9b7edf439b80a02c9a2445
-
SHA1
89c7c1d18986b961bb9771264dc39f1749d04169
-
SHA256
1e81361638134c8e01a9f3e77e59fc9681538cf07418bbcd8fb8be2524854937
-
SHA512
75fa793fb462ae317e773ef9b256d892849d45ad17bcd5700ab0cbbfc8b1360ac9b3ead9661e471445a2ea970b2ce17db2cf828afabe02e01716f3062a5ce526
-
SSDEEP
12288:ENFnrd53rD22q1hafRNBHiw5i7dYopdpd5LDFzXcdH9GmSn:ETn3rDIypNBHi7RdhLDJXcum
Static task
static1
Behavioral task
behavioral1
Sample
PARA SVIFT.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
PARA SVIFT.exe
Resource
win10v2004-20231215-en
Malware Config
Targets
-
Target
PARA SVIFT.exe
-
Score
10/10
-
Snake Keylogger payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-