General
-
Target
a5fd3881443c22686f44f95392f2ad3645e2ce59868df87078be5f825c1fa947.exe
-
Size
1.1MB
-
Sample
240625-b4m9nsxbrm
-
MD5
b4c98a79ece4709578cb71687dd964ef
-
SHA1
eb46ffca99c82668f5dae7f3097d103d8254bf2c
-
SHA256
a5fd3881443c22686f44f95392f2ad3645e2ce59868df87078be5f825c1fa947
-
SHA512
e5f19a3acb38789f429d0dcce061498aa5c3083c5da56aa9a27e1951b23f892366f404658a5e84ffcd517cd42fa67adc86ab46236d3bcf925f85499c5d99f31c
-
SSDEEP
24576:gAHnh+eWsN3skA4RV1Hom2KXMmHa3xpvrd1TpY2zntv7UrIGwOn5:Xh+ZkldoPK8Ya3xhTLzntvgrIg
Static task
static1
Behavioral task
behavioral1
Sample
a5fd3881443c22686f44f95392f2ad3645e2ce59868df87078be5f825c1fa947.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
a5fd3881443c22686f44f95392f2ad3645e2ce59868df87078be5f825c1fa947.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
a5fd3881443c22686f44f95392f2ad3645e2ce59868df87078be5f825c1fa947.exe
-
Size
1.1MB
-
MD5
b4c98a79ece4709578cb71687dd964ef
-
SHA1
eb46ffca99c82668f5dae7f3097d103d8254bf2c
-
SHA256
a5fd3881443c22686f44f95392f2ad3645e2ce59868df87078be5f825c1fa947
-
SHA512
e5f19a3acb38789f429d0dcce061498aa5c3083c5da56aa9a27e1951b23f892366f404658a5e84ffcd517cd42fa67adc86ab46236d3bcf925f85499c5d99f31c
-
SSDEEP
24576:gAHnh+eWsN3skA4RV1Hom2KXMmHa3xpvrd1TpY2zntv7UrIGwOn5:Xh+ZkldoPK8Ya3xhTLzntvgrIg
Score10/10-
Snake Keylogger payload
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables referencing many email and collaboration clients. Observed in information stealers
-
Detects executables with potential process hoocking
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-