General
- Target: C103-202005514-05,PDF.exe
- Size: 584KB
- Sample: 210120-3hpeb35vxa
- MD5: eedd3f21579280588e987a0431315356
- SHA1: e4232454d3c2e86fedba56dbb0f83363dbfe96bf
- SHA256: cdc918638a38eb856105db8b22281142b5cc58f6538ad4e848e45d552332b5fd
- SHA512: f1934302099a9d9e45e9aeba3f7fea64fb15021888580bfbe2e21e3a7183e2e01919f2f36163a328480e6d89607baf8ac8ba7180f0975cb103c1e37850d79c64
Static task
- static1

Behavioral task
- behavioral1
  - Sample: C103-202005514-05,PDF.exe
  - Resource: win7v20201028

Behavioral task
- behavioral2
  - Sample: C103-202005514-05,PDF.exe
  - Resource: win10v20201028
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: smt.treat@yandex.com
- Password: WyhjVTBX5hjrgu7
Targets
- Target: C103-202005514-05,PDF.exe
- Size: 584KB
- MD5: eedd3f21579280588e987a0431315356
- SHA1: e4232454d3c2e86fedba56dbb0f83363dbfe96bf
- SHA256: cdc918638a38eb856105db8b22281142b5cc58f6538ad4e848e45d552332b5fd
- SHA512: f1934302099a9d9e45e9aeba3f7fea64fb15021888580bfbe2e21e3a7183e2e01919f2f36163a328480e6d89607baf8ac8ba7180f0975cb103c1e37850d79c64
- Score: 10/10
- Snake Keylogger Payload
- Drops startup file
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Suspicious use of SetThreadContext