General
Target: PURCHASE ORDER-34002174,pdf.exe
Size: 698KB
Sample: 210408-p42r2mejf6
MD5: 858d78c275b5e72931c0f8ae1b83e04e
SHA1: e6745cff963b1d3435650ce65c41d891dc4150b9
SHA256: bb424678bdfe5e374cf00fcf64006d700fcc77c9874494ad8802fca5bf1f2a24
SHA512: 59dc41de6903da120b83cbd0e0a2b493dc34f647e12b31d877d7b6547f1a96d1d568c2cb0cf5a123d95d93341ae80e511e19ee05165db3e91d560ff8aef25493
Static task: static1
Behavioral task: behavioral1 (Sample: PURCHASE ORDER-34002174,pdf.exe; Resource: win7v20201028)
Behavioral task: behavioral2 (Sample: PURCHASE ORDER-34002174,pdf.exe; Resource: win10v20201028)
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: smtp.delcoronascardigli.xyz
Port: 587
Username: info@delcoronascardigli.xyz
Password: s)bZtFrf4
Targets
Target: PURCHASE ORDER-34002174,pdf.exe
Score: 10/10
Signatures:
- Snake Keylogger Payload
- Loads dropped DLL
- Looks up external IP address via web service (uses a legitimate IP lookup service to find the infected system's external IP)
- Suspicious use of SetThreadContext