Resubmissions

01-10-2024 05:13

241001-fwv2rsscqm 10

01-10-2024 05:10

241001-ft4acswekb 8

General

  • Target

    お見積り依頼.zip

  • Size

    530KB

  • Sample

    241001-fwv2rsscqm

  • MD5

    de0714e8f4a00a71452a5b6d8f0db7b8

  • SHA1

    8a8e0146138131e210c92b33e61f59ea3f575cfa

  • SHA256

    2c56f1f8f12cdf501122a7729d571b2952873f844bb067ea4c59293d9487ae0f

  • SHA512

    973e90556106dbf61e6db877e616a91053597d103d2e23759bff51646f86ab83b965dd9d26e0281aa9a1c039a91a4273050a494a7953aa8781990d14806330bb

  • SSDEEP

    12288:oMzkHlBdUtyZoLjU5zNePeOTj/iaACe60Y7nmooHh:4PdUYmLjU5zNQbTj/iArcHh

Malware Config

Targets

    • Target

      お見積り依頼.exe

    • Size

      625KB

    • MD5

      a0ecf580ff9dfd9e2a7fa0c3d65f7fd6

    • SHA1

      bbe051177c884c85675df9747d86efa1db0f77a4

    • SHA256

      c46f4ce81d7501f1beca7fb5c694a7e2883ba4e29c498772c448232f7473aafe

    • SHA512

      ef030e4ea6807ec2276e32772a517bca9f88a4891e291d3baf4a5c7dae1739604df173198eccb8583344c6f4d918b7df2f6c298f0be8b5bae4c123e7fdad34fa

    • SSDEEP

      12288:oJOkHljdod9R5CHTCIM0Tr/koAyUoQepfHsz:g69R5ObpTr/kAPjO

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks