General
- Target: IMG_9501.EXE
- Size: 1.4MB
- Sample: 210122-q7gdfp8qcx
- MD5: e3d9793d14ec64e2398c709a3483c212
- SHA1: 6a86e4ecd6529345e29fb461b59787a7560f4865
- SHA256: 14dc0be4a9f52bb8c9614621b4d521ed56592dcde2483b6ff099d061bcb7cada
- SHA512: f3c0a8818fcc5bb09bd76fad45d49bb7af155e5c77bb58aac66323efb71c0a4853813c3ef964694e1b8df3e325a0602ec683f478a575616947a7624b8406128f
Static task
- static1
Behavioral tasks
- behavioral1: sample IMG_9501.EXE, resource win7v20201028
- behavioral2: sample IMG_9501.EXE, resource win10v20201028
Malware Config
- No extracted configuration is listed for this sample.
Targets
- Target: IMG_9501.EXE
- Size: 1.4MB
- MD5 / SHA1 / SHA256 / SHA512: identical to the values listed under General above (the analysed target is the submitted file itself)
Signatures
- Snake Keylogger Payload
  The payload is classified as Snake Keylogger, a .NET-based keylogger and credential stealer.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk, where infostealers often target it.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials.
- Adds Run key to start application
  Persistence through a Registry Run key, so the application is launched again at the next logon.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP. The specific service contacted is not recorded in this summary.
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). The signature's generic description calls this likely ransomware behaviour, but it is a weak heuristic on its own; the payload identified here is Snake Keylogger, an infostealer, not ransomware.
- Suspicious use of SetThreadContext
  Calling SetThreadContext on another process's thread is characteristic of process-injection techniques such as process hollowing, where the entry point of a suspended thread is redirected into injected code.
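Of the behaviours in the signature list, Run-key persistence is the easiest to hunt for in endpoint telemetry. The following is an added example, not part of the sandbox report or of the tooling that produced it: it scans Sysmon-style registry SetValue events and flags Run/RunOnce values whose target executable lives in a user-writable location, noting when the writing process registered itself. The log lines, the user name, the SID, the dropped file names and the Run value names are constructed for the example; the report records neither the Run key value nor the name of the dropped executable.

```python
"""Added triage helper: flag Registry Run-key persistence in Sysmon-style
registry events. All sample events below are constructed for this example;
the sandbox report does not record the Run key value or the dropped file."""
import re
from dataclasses import dataclass
from typing import Dict, List

# HKU/HKCU and HKLM Run and RunOnce keys (the "Adds Run key" signature).
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\",
    re.IGNORECASE,
)
# Illustrative list of user-writable locations a dropped EXE is typically
# launched from; not taken from the report, tune to the environment.
USER_WRITABLE_RE = re.compile(
    r"\\AppData\\|\\Temp\\|\\Users\\Public\\|%APPDATA%|%LOCALAPPDATA%|%TEMP%",
    re.IGNORECASE,
)


@dataclass
class Finding:
    image: str    # process that wrote the value
    key: str      # full Run key path including the value name
    command: str  # what the Run value launches
    reason: str


def parse_event(line: str) -> Dict[str, str]:
    """Parse a 'Field: value|Field: value' line into a dict.

    partition() splits on the first colon only, so drive letters inside
    values such as 'C:\\...' are preserved."""
    fields: Dict[str, str] = {}
    for part in line.split("|"):
        key, _, value = part.partition(":")
        fields[key.strip()] = value.strip()
    return fields


def exe_from_command(command: str) -> str:
    """Extract the executable from a Run value, honouring quoted paths
    (a path containing spaces must be quoted) and trailing arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    return command.split(" ", 1)[0]


def analyze(lines: List[str]) -> List[Finding]:
    findings: List[Finding] = []
    for line in lines:
        ev = parse_event(line)
        # Only value writes matter; DeleteValue/CreateKey events are noise here.
        if ev.get("EventType") != "SetValue":
            continue
        key = ev.get("TargetObject", "")
        if not RUN_KEY_RE.search(key):
            continue
        command = ev.get("Details", "")
        exe = exe_from_command(command)
        if not USER_WRITABLE_RE.search(exe):
            continue  # e.g. a vendor updater under Program Files
        reasons = ["launches from user-writable path"]
        if ev.get("Image", "").lower() == exe.lower():
            reasons.append("process registered itself")
        findings.append(Finding(ev.get("Image", ""), key, command, "; ".join(reasons)))
    return findings


# Constructed Sysmon-like registry events (not from the report).
SAMPLE_EVENTS = [
    # Benign: an updater under Program Files registering itself.
    r'Image: C:\Program Files\Vendor\Updater.exe|EventType: SetValue|TargetObject: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorUpdater|Details: "C:\Program Files\Vendor\Updater.exe" /background',
    # Suspicious: a dropped EXE in Roaming registers itself.
    r'Image: C:\Users\victim\AppData\Roaming\svcupdate.exe|EventType: SetValue|TargetObject: HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\svcupdate|Details: "C:\Users\victim\AppData\Roaming\svcupdate.exe"',
    # Suspicious: the sample registers a different dropped file via an expandable path.
    r'Image: C:\Users\victim\Downloads\IMG_9501.EXE|EventType: SetValue|TargetObject: HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\update|Details: %APPDATA%\update\run.exe',
    # Noise: a Run-key deletion and an unrelated SetValue.
    r'Image: C:\Windows\regedit.exe|EventType: DeleteValue|TargetObject: HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\svcupdate|Details: ',
    r'Image: C:\Windows\explorer.exe|EventType: SetValue|TargetObject: HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden|Details: DWORD (0x00000001)',
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f"{f.image} -> {f.key}\n    {f.command}\n    ({f.reason})")
```

Run against the constructed events, only the two entries pointing into AppData are reported; the Program Files updater, the deletion and the unrelated Explorer value are ignored. Expandable-string values such as %APPDATA% are matched literally, since Sysmon logs them unexpanded.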