General
Target: PURCHASE ORDER - XIFFA55,pdf.exe
Size: 692KB
Sample: 210408-bmb74ynaen
MD5: 482d53033495eae28d1fac110da7c444
SHA1: 47b22902f521a36b2e2fca3ff3f5bbe53ffc575a
SHA256: d87773d19e7e34fb8951d610e692a40b76fd8d7aedf06ba96e4ea8acfa8147e1
SHA512: d5d22cf9b46688591bc1471617fef337ec502a217ede686f66b06dc9e636141e7b7c710437bedec4a10f108ea9b3f3f89ecfdee1069fce028ee27383fde568a3
Static task: static1
Behavioral task: behavioral1
  Sample: PURCHASE ORDER - XIFFA55,pdf.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: PURCHASE ORDER - XIFFA55,pdf.exe
  Resource: win10v20201028
Malware Config
Extracted family: snakekeylogger
Extracted exfiltration endpoint: https://api.telegram.org/bot1791466927:AAHD_mKnN05jD74hk8VEfBe-NORCSbM6oaM/sendMessage?chat_id=1413771094
Targets
Target: PURCHASE ORDER - XIFFA55,pdf.exe
Score: 10/10
Signatures:
- Snake Keylogger Payload
- Loads dropped DLL
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext