General
-
Target
IMG_40317.pdf.exe
-
Size
1.4MB
-
Sample
210120-4apmd8neej
-
MD5
9da79ca571b3427fbd82003b94ee08d2
-
SHA1
3e00a65e6f87ffe3d210e41fe0fef1017be59d9b
-
SHA256
ae33318e53652eda0917a4f856ecf0041d8f57b73bf82bc6322921ea16654a04
-
SHA512
033edcb711c8c38de1f0acdbca86d1e624602c4c052773a06bb5145ec80f77a42407b072d2c36454878b6f6e1a026d0ce5cca0e5f7e2688ee2e5c9d3918fb945
Static task
static1
Behavioral task
behavioral1
Sample
IMG_40317.pdf.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
IMG_40317.pdf.exe
Resource
win10v20201028
Malware Config
Targets
-
-
Target
IMG_40317.pdf.exe
-
Size
1.4MB
-
MD5
9da79ca571b3427fbd82003b94ee08d2
-
SHA1
3e00a65e6f87ffe3d210e41fe0fef1017be59d9b
-
SHA256
ae33318e53652eda0917a4f856ecf0041d8f57b73bf82bc6322921ea16654a04
-
SHA512
033edcb711c8c38de1f0acdbca86d1e624602c4c052773a06bb5145ec80f77a42407b072d2c36454878b6f6e1a026d0ce5cca0e5f7e2688ee2e5c9d3918fb945
Score10/10-
Snake Keylogger Payload
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-