Resubmissions

01-10-2024 06:10

241001-gxfh5svaqk 10

01-10-2024 06:10

241001-gw8hjaycpg 8

General

  • Target

    お見積り依頼.zip

  • Size

    523KB

  • Sample

    241001-gxfh5svaqk

  • MD5

    b3265243169a4a74730c4a6d3f667e2d

  • SHA1

    55c68c167d48049cc49bc8631cab03a016791a95

  • SHA256

    d97212f6b53955910db46c5bcda4fbe0eb109712d4b3bb1e139aee1b56ade30f

  • SHA512

    4e82a65e799c96ee733230658c5504620cabdb9fe55f2817ecd3c4b4b36c0c87b8d7d60e2c2ade79c8054a8629b3fcaa878c42c10cb57e76b84473acf3600e4c

  • SSDEEP

    12288:junwNtDM0ap9zDNGrG29xy52e94CeXF65u9d6oR:jwwNto0e9zZnxT+d65IhR

Targets

    • Target

      お見積り依頼.exe

    • Size

      617KB

    • MD5

      7c1e195506cf284e5b49c8b3233a17ca

    • SHA1

      21965a5bbbb0eb10a8943e0f0ad80f5077a87695

    • SHA256

      759bf48589770e15226a694e1d8ea23a58e69f5121958eb692c68d46a59a25b4

    • SHA512

      e785e17bee1abdc476ef3e12f76d5b77113ad318c4a0feb1f6a4f6060bf2ab0643d8af2d38c7718f83cbf60f0cbcb2b40037cccf9ef05b4d4aac62a8f551e27d

    • SSDEEP

      12288:B5oRpQVnipnobW7NGzGW9x252e96CjrzhnheagXJ:joUnKCqVvT8I/UJ

    • Snake Keylogger

      Keylogger and infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to add Windows Defender exclusions for file extensions, paths, and processes, so the dropped payload is not scanned.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, which infostealers often target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

      Commonly associated with process injection, where the thread context of a suspended process is rewritten to run injected code.
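
A detection for the PowerShell Defender-exclusion behaviour listed above, as an added example written for this page (not code from the sandbox or from the sample): it scans PowerShell ScriptBlock Logging text (Event ID 4104) for Add-MpPreference / Set-MpPreference calls and extracts the exclusion values by type. The log entries are constructed for the example and are not taken from this analysis.

```python
import re
from typing import Dict, List

# Constructed sample of ScriptBlock Logging (Event ID 4104) text for the example;
# these lines are not from the analysed sample.
SAMPLE_SCRIPT_BLOCKS = [
    "Get-Process | Where-Object { $_.CPU -gt 100 }",
    "Add-MpPreference -ExclusionPath 'C:\\Users\\Public\\update' -ExclusionExtension '.exe','.dll'",
    "Set-MpPreference -ExclusionProcess 'svchost32.exe'",
    "Set-MpPreference -DisableRealtimeMonitoring $true",
]

# Both cmdlets can add exclusions; Set-MpPreference replaces, Add-MpPreference appends.
CMDLET_RE = re.compile(r"\b(?:Add|Set)-MpPreference\b", re.IGNORECASE)

# Real Defender exclusion parameters. The lazy value group stops at the next
# "-Parameter" token or at end of line.
PARAM_RE = re.compile(
    r"-Exclusion(Path|Extension|Process|IpAddress)\s+(.*?)(?=\s+-[A-Za-z]|$)",
    re.IGNORECASE,
)


def extract_exclusions(script_block: str) -> Dict[str, List[str]]:
    """Return {exclusion_type: [values]} for a script block, or {} if it adds none."""
    found: Dict[str, List[str]] = {}
    if not CMDLET_RE.search(script_block):
        return found
    for m in PARAM_RE.finditer(script_block):
        kind = m.group(1).lower()
        # PowerShell lists are comma separated; values are usually quoted.
        values = [v.strip().strip("'\"") for v in m.group(2).split(",") if v.strip()]
        found.setdefault(kind, []).extend(values)
    return found


def scan(script_blocks: List[str]) -> List[dict]:
    """Scan a list of script block texts and return one hit per block that adds exclusions."""
    hits = []
    for i, block in enumerate(script_blocks):
        exclusions = extract_exclusions(block)
        if exclusions:
            hits.append({"index": i, "exclusions": exclusions, "script": block})
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_SCRIPT_BLOCKS):
        print(f"[!] block {hit['index']}: Defender exclusions {hit['exclusions']}")
```

ScriptBlock Logging records the decoded script, so an `-EncodedCommand` launch is still caught, but a cmdlet name assembled from string fragments at run time is not; pairing this with Windows Defender Operational Event ID 5007 (configuration change) covers that gap.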

MITRE ATT&CK Enterprise v15