General
-
Target
ae07c4e8171fb3f7b72d667d9af8924f762d92ff71d1264c9afec1a7dfbc604dN
-
Size
723KB
-
Sample
241013-vm5beascjp
-
MD5
e8ac142097057e54c67c573ffc4b5200
-
SHA1
e853bad28e0fabc35e2a14788a6bde6fd28095c1
-
SHA256
ae07c4e8171fb3f7b72d667d9af8924f762d92ff71d1264c9afec1a7dfbc604d
-
SHA512
904be41ed9d42e2de44e3c43d200eab88b068a4789cebf0180a636bdc9eb6f775ca809050b0f06b86b7d7c477848bd117840013c84b1a446ee53cb6da86affa9
-
SSDEEP
12288:+lE9vdcyerVbCx3YNgn0QH72F3JfMNtGVp6yLUYKw7/vAWwFiacwdiHUJ1t6rR:WE9verVbCx3YNgngRppj7/EwacwQ0Jr6
Static task
static1
Behavioral task
behavioral1
Sample
ae07c4e8171fb3f7b72d667d9af8924f762d92ff71d1264c9afec1a7dfbc604dN.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
ae07c4e8171fb3f7b72d667d9af8924f762d92ff71d1264c9afec1a7dfbc604dN.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
ae07c4e8171fb3f7b72d667d9af8924f762d92ff71d1264c9afec1a7dfbc604dN
-
Snake Keylogger payload
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-