General

  • Target: snuscheck (1).rar
  • Size: 3.9MB
  • Sample: 240227-zv9nbabf5w
  • MD5: 2fee4f3cb06fe43601855e01924cd889
  • SHA1: cc1f90f7f1de00cb7dd76f856de0187a5dbdee7e
  • SHA256: 77413a651c6961cc1fc91775ba0047d8db6efc3b6c016736b25943999edab8cf
  • SHA512: b9f1411114595af62d1438d386adb7613d97b205c9bcc0b1d5f80856e10fcc7c44399725b0efb14f5868c08cb015c4265cfa719fe9c4dcdd6c803489772de4fe
  • SSDEEP: 98304:1u7RE4z4nLLo8mJ6SmflcRLjRt9fRLpfwTKwrLnV7R:slZz4w8mJ/UlcRJH7ub

Malware Config

Targets

    • Target: snuscheck.exe
    • Size: 7.4MB
    • MD5: b0829f271f2fb1a551778d12ec123a2e
    • SHA1: 6462cb98d22d3f18a2e66f3398e914badd9cd990
    • SHA256: 391294bf18ef31a1ceaf73139bc262284a8344da3e37fce61fb7bcc8aa6ad8ce
    • SHA512: ffa998e06cbcb8899199c97c3fb48da292b9bab6e89aff6379bd3d586eb3492c77e21f367b00b4eec10fd2b4c7e0014d226ea428d7328c0e7244593a6d0b729c
    • SSDEEP: 98304:M2O45VA7lAZwy/EJW9y1bJR8djJxmnUt2zk6l9ANBYkZ//00vz:1OEA7lAmycJRq8kIi6s

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks