General
-
Target
19870017af38aa7315ac6e67d6254aa0946c8264a9828f20627eac76297879c1.exe
-
Size
712KB
-
Sample
241109-cr2f7svfrl
-
MD5
0f84063e1e3c819d8f657eb69da37be0
-
SHA1
513a8592a50f7810eb34a375209b585fe0309cbb
-
SHA256
19870017af38aa7315ac6e67d6254aa0946c8264a9828f20627eac76297879c1
-
SHA512
afe7e12d8f39681dc6e198750b89216c34519ee78c5c7def5d0bd27a79746b86c0e21e1aea97f991837b671781f4a10de21d2ab174446924e7b0faea256b86be
-
SSDEEP
12288:K3C6nv1tWDGbGar8R5wjDPdYHIqJSUW/PLlkt9PMGvKMNQTWH+mwuTWxS:K3rKDPC8LwjRYHIqJSUW/PLW9UGR6Wez
Static task
static1
Behavioral task
behavioral1
Sample
19870017af38aa7315ac6e67d6254aa0946c8264a9828f20627eac76297879c1.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
19870017af38aa7315ac6e67d6254aa0946c8264a9828f20627eac76297879c1.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
19870017af38aa7315ac6e67d6254aa0946c8264a9828f20627eac76297879c1.exe
-
Size
712KB
-
MD5
0f84063e1e3c819d8f657eb69da37be0
-
SHA1
513a8592a50f7810eb34a375209b585fe0309cbb
-
SHA256
19870017af38aa7315ac6e67d6254aa0946c8264a9828f20627eac76297879c1
-
SHA512
afe7e12d8f39681dc6e198750b89216c34519ee78c5c7def5d0bd27a79746b86c0e21e1aea97f991837b671781f4a10de21d2ab174446924e7b0faea256b86be
-
SSDEEP
12288:K3C6nv1tWDGbGar8R5wjDPdYHIqJSUW/PLlkt9PMGvKMNQTWH+mwuTWxS:K3rKDPC8LwjRYHIqJSUW/PLW9UGR6Wez
Score10/10-
Snake Keylogger payload
-
Snakekeylogger family
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-