General

  • Target

    SnowC2.zip

  • Size

    15.3MB

  • Sample

    240311-q1lc8scb3v

  • MD5

    5f0cbed3d46a56bea0de82cb01e46ac3

  • SHA1

    7eae94abddcdadd0ad7f9f0f2872d18b60fc9159

  • SHA256

    a8dfe34fb5db2d6db99c1633cdd389573aff543595181968b1ce8eede1f9a572

  • SHA512

    f3ab6b3674c9271d56f142758e0b56ceb7f49c3dbbc15e676fda47aba32ef96d6dc184e51324013566b8aa3512061bc4860da67214e0254af73f5be79769cdc6

  • SSDEEP

    393216:eLPACh5Hov/PfRd6FDAVI+2bwKSLQr1JI0FRe6TgOg51b:mP/nHm/GFnzTrTNPel/51b

Malware Config

Targets

    • Target

      SnowC2.exe

    • Size

      15.5MB

    • MD5

      9297e5aa77e67cc40595368cc8f02b03

    • SHA1

      38dbffabc842f9acfff14ff3a15a8cb8053dca37

    • SHA256

      20cb239648039f1aac8684fca1f1b55277958687e1f4c0c1fefcf4d56d7fdb0b

    • SHA512

      aa13180c39fb6c6a0ca1c361a2d641ac027fe9af41a5550a0e5fc305aaa129c83c32c4efac6b58699e05aec103b7f7f323b407315279461ca8019ea5c9bfc5e8

    • SSDEEP

      393216:2h9S2nnx837Xfx3etJurEUWjljEh01tbypd7XiWCoJ:w9Dnxq7odbJ91lyr+VoJ

    • Score

      7/10

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15