General
-
Target
IMG_53771.pdf.exe
-
Size
1.6MB
-
Sample
210119-37sjcg229a
-
MD5
86b54654ac95dc27eb76c8dce196d3b8
-
SHA1
d3f800c5cd196e72365de73c3b0f3b76d0540aef
-
SHA256
2109e18f96cf5f627351d52a48eecc483b67e02fd3f1a0e58088f615afc3737f
-
SHA512
a17e47307b1fe307138ea0cdb5d084d53b2cd41b08d602fe2a740ea1b77f66624d92ca46fe72fb494a8835caa4a45219b196a434f095c7372732e0821f4a2006
Static task
static1
Behavioral task
behavioral1
Sample
IMG_53771.pdf.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
IMG_53771.pdf.exe
Resource
win10v20201028
Malware Config
Targets
-
-
Target
IMG_53771.pdf.exe
-
Size
1.6MB
-
MD5
86b54654ac95dc27eb76c8dce196d3b8
-
SHA1
d3f800c5cd196e72365de73c3b0f3b76d0540aef
-
SHA256
2109e18f96cf5f627351d52a48eecc483b67e02fd3f1a0e58088f615afc3737f
-
SHA512
a17e47307b1fe307138ea0cdb5d084d53b2cd41b08d602fe2a740ea1b77f66624d92ca46fe72fb494a8835caa4a45219b196a434f095c7372732e0821f4a2006
Score10/10-
Snake Keylogger Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-