General
- Target: Proforma adjunta Nº 42037,pdf.exe
- Size: 34KB
- Sample: 210504-1rdlqp9abx
- MD5: f7565a4825eb92f2859114bb5a08b60d
- SHA1: 83d47736d04939e1c01b3df7720109c6d5ca9f78
- SHA256: 2b3f661e6165b5a63130acb2509821a895f0eee94e7af31fdd6abd32db3ab687
- SHA512: 2ad41ac31f5349ca16bd6112663a7ca6dc4a9e77562ca12458a54337a779ffbb9b7b91a710cabd37944b001001fede4c803cd40e47e78393b13a162c9cf78ac4
Static task: static1
Behavioral task: behavioral1
  Sample: Proforma adjunta Nº 42037,pdf.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: Proforma adjunta Nº 42037,pdf.exe
  Resource: win10v20210408
Malware Config
Extracted: oski
  203.159.80.72
Extracted: snakekeylogger
  https://api.telegram.org/bot1761516426:AAE3Juu_v6fG9Gy1S33LdTvyz85ua-duZsk/sendMessage?chat_id=1727399585
Targets
- Target: Proforma adjunta Nº 42037,pdf.exe
- Snake Keylogger Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext