General
-
Target
eInvoicing.zip
-
Size
468KB
-
Sample
210421-2jrz68hk62
-
MD5
16ff85e317c337d76c347c58b832b8a6
-
SHA1
4cab8381568603956f4be0fb3b9a32acfe009a53
-
SHA256
384eb845fda2afda46c34577285dd700339ef0790a9801b534bbb2ed099bb01d
-
SHA512
03cc1567a32582fd5cde8077d90958d74e3a81c72a373c7253a2dd2076e1631331f6837493c1f860b498a7bc0d47893766315e07db0f3de7f8a24b9fa570c679
Static task
static1
Behavioral task
behavioral1
Sample
eInvoicing,pdf.scr
Resource
win7v20210408
Behavioral task
behavioral2
Sample
eInvoicing,pdf.scr
Resource
win10v20210410
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: smtp.aruscomext.com
Port: 587
Username: pushlogz@aruscomext.com
Password: Qazplm@123@123
Targets
-
-
Target
eInvoicing,pdf.scr
-
Size
571KB
-
MD5
e85eff78443b05963b6333c5f756a489
-
SHA1
148ec1a59775c3c4c4937a1552a2e9beec5d19db
-
SHA256
07385e896a1f78be3cc2e6654c6665a1e01e91480f1d5b8671e4e74bcdb5df4b
-
SHA512
13fdd94b2aed017e4300986b5698cf79ddb04755b305158fb03f6201ff57ed8824c3ca749e5908ae46c8794274e59a8547976afe6f83d09c8b6530084c967ec7
Score 10/10
-
Snake Keylogger Payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
Rewriting a thread's context is a common step in process hollowing and other code injection, where the entry point of a suspended thread is redirected into attacker-controlled memory.
-
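The report above gives two kinds of indicators: file hashes for the dropper archive and the .scr payload, and the SMTP exfiltration endpoint recovered from the Snake Keylogger config. The script below is an added example, not part of the sandbox report or its tooling: it copies those indicators from the report and matches them against host and network telemetry. The telemetry records are constructed sample data, and their field names (src, dst, dport, user) are assumptions rather than any real log schema.

```python
"""Match the indicators from this report against host and network telemetry.

Added example, not part of the sandbox report. The hashes and the SMTP
exfiltration endpoint are copied from the report above; the telemetry records
are constructed sample data and their field names (src, dst, dport, user) are
assumptions, not any real log schema.
"""
import hashlib
from typing import Iterable, Optional

# File indicators copied from the report: the dropper archive and the .scr payload.
KNOWN_SAMPLES = {
    "eInvoicing.zip": (
        "16ff85e317c337d76c347c58b832b8a6",
        "4cab8381568603956f4be0fb3b9a32acfe009a53",
        "384eb845fda2afda46c34577285dd700339ef0790a9801b534bbb2ed099bb01d",
        "03cc1567a32582fd5cde8077d90958d74e3a81c72a373c7253a2dd2076e1631331f6837493c1f860b498a7bc0d47893766315e07db0f3de7f8a24b9fa570c679",
    ),
    "eInvoicing,pdf.scr": (
        "e85eff78443b05963b6333c5f756a489",
        "148ec1a59775c3c4c4937a1552a2e9beec5d19db",
        "07385e896a1f78be3cc2e6654c6665a1e01e91480f1d5b8671e4e74bcdb5df4b",
        "13fdd94b2aed017e4300986b5698cf79ddb04755b305158fb03f6201ff57ed8824c3ca749e5908ae46c8794274e59a8547976afe6f83d09c8b6530084c967ec7",
    ),
}
# Reverse index: any known digest (any algorithm) -> sample name.
DIGEST_INDEX = {d.lower(): name for name, digests in KNOWN_SAMPLES.items() for d in digests}

# Network indicators from the extracted Snake Keylogger config (SMTP exfiltration).
EXFIL_HOST = "smtp.aruscomext.com"
EXFIL_PORT = 587
EXFIL_USER = "pushlogz@aruscomext.com"


def file_hashes(data: bytes) -> dict:
    """Compute the same digests the report lists, so a local copy can be compared."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256", "sha512")}


def identify_sample(data: bytes) -> Optional[str]:
    """Return the report's target name if any digest of `data` matches, else None."""
    for digest in file_hashes(data).values():
        if digest in DIGEST_INDEX:
            return DIGEST_INDEX[digest]
    return None


def lookup_digest(digest: str) -> Optional[str]:
    """Match a digest copied from another tool's output (case-insensitive)."""
    return DIGEST_INDEX.get(digest.strip().lower())


def exfil_connections(records: Iterable[dict]) -> list:
    """Flag records that reach the exfil mail server or authenticate as the exfil account.

    Any connection to the host is flagged (the hostname is the indicator); a
    connection to port 587 elsewhere is not, since 587 is ordinary mail submission.
    """
    hits = []
    for rec in records:
        to_host = rec.get("dst", "").lower() == EXFIL_HOST
        as_user = rec.get("user", "").lower() == EXFIL_USER
        if to_host or as_user:
            hits.append(rec)
    return hits


# Constructed sample telemetry (not from the report or any real network).
SAMPLE_RECORDS = [
    {"src": "10.0.0.23", "dst": "smtp.aruscomext.com", "dport": 587, "proto": "tcp"},
    {"src": "10.0.0.23", "dst": "smtp.aruscomext.com", "dport": 587, "proto": "tcp",
     "user": "pushlogz@aruscomext.com"},
    {"src": "10.0.0.41", "dst": "smtp.example.net", "dport": 587, "proto": "tcp"},
    {"src": "10.0.0.41", "dst": "www.example.com", "dport": 443, "proto": "tcp"},
]

if __name__ == "__main__":
    for rec in exfil_connections(SAMPLE_RECORDS):
        print("exfil indicator hit:", rec)
    print("benign bytes identified as:", identify_sample(b"not the sample"))
```

The hostname, not the port, carries the signal here: port 587 is legitimate mail submission on most networks, so alerting on it alone would be noisy. The SMTP username is a second indicator worth watching in mail-gateway or proxy logs, since the malware authenticates with it to push captured keystrokes.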