General
-
Target
Request for quotation.pdf.exe
-
Size
833KB
-
Sample
210121-sg2n5hlry6
-
MD5
0a6a9a6952d0843b4e30de450fc6f4dc
-
SHA1
2a0e41b31f4ad88bfc01da061580823291a79e4f
-
SHA256
2a14b5270f533a8a0ee7448977d31be369f3d54ca661e75dabf8561e8581751b
-
SHA512
e5b6eb3c3b5fea0440086decb37c7e08d686e69dae8449d9af33293db2af16f8637eb671b07141e13208e2543c1104326999789574b3f2bfa93bf856cc32f967
Static task
static1
Behavioral task
behavioral1
Sample
Request for quotation.pdf.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Request for quotation.pdf.exe
Resource
win10v20201028
Malware Config
Targets
-
-
Target
Request for quotation.pdf.exe
-
Size
833KB
-
MD5
0a6a9a6952d0843b4e30de450fc6f4dc
-
SHA1
2a0e41b31f4ad88bfc01da061580823291a79e4f
-
SHA256
2a14b5270f533a8a0ee7448977d31be369f3d54ca661e75dabf8561e8581751b
-
SHA512
e5b6eb3c3b5fea0440086decb37c7e08d686e69dae8449d9af33293db2af16f8637eb671b07141e13208e2543c1104326999789574b3f2bfa93bf856cc32f967
Score10/10-
Snake Keylogger Payload
-
Drops startup file
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of SetThreadContext
-