General
-
Target
6b8c990c92c37f014fc93efd79c6fbb3a22e8da7961e9333644bfeac353a2ae2.exe
-
Size
658KB
-
Sample
241001-ha37csvgmq
-
MD5
1a694f22ea454e65a9fd08c895f9ee74
-
SHA1
d788f2a203dca1bed3015680c8198fd9b365f53c
-
SHA256
6b8c990c92c37f014fc93efd79c6fbb3a22e8da7961e9333644bfeac353a2ae2
-
SHA512
9a93580e16de929fb56c2645933e9b935e2732ed4858ee992bdcbabe6c54fa8aa9a1f9ade5dbb95b14e1f73d571acfe4799f1b2b9a25b8311695872199cc47eb
-
SSDEEP
12288:s1ZF8KS3TVjzgi7NTI50hY8Z2DEkjVsKDGixKbm3gP:sypjzg+m0WFsXe3g
Static task
static1
Behavioral task
behavioral1
Sample
6b8c990c92c37f014fc93efd79c6fbb3a22e8da7961e9333644bfeac353a2ae2.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
6b8c990c92c37f014fc93efd79c6fbb3a22e8da7961e9333644bfeac353a2ae2.exe
Resource
win10v2004-20240910-en
Malware Config
Targets
-
-
Target
6b8c990c92c37f014fc93efd79c6fbb3a22e8da7961e9333644bfeac353a2ae2.exe
-
Snake Keylogger payload
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-