General
Target
Presupuesto urgente PST56654256778982, pdf.exe
Size
852KB
Sample
210504-bpyyxrws3a
MD5
d6b608c55871cf8d00f5daacd3d8c858
SHA1
3a53fd8d9d5e5b136aea4083f6881a18c59414ef
SHA256
acb59cfe4c0dcdfdbc835fce99582cae54d6d3afb2233eab94a0a22bfd2c2dd7
SHA512
de560ca58c73b30d40f609b2982b60443c962e714810636b2cff9c4a318b39cf3acfe48ddbd4d0d37569a858a54d0525e5900772e5cbb1fba0c942c4b58bd274
Static task
static1
Behavioral task
behavioral1
Sample
Presupuesto urgente PST56654256778982, pdf.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
Presupuesto urgente PST56654256778982, pdf.exe
Resource
win10v20210410
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: smtp.endovision.xyz
Port: 587
Username: info@endovision.xyz
Password: r)($czxJs0
Targets
Target
Presupuesto urgente PST56654256778982, pdf.exe
Score
10/10
Snake Keylogger Payload
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext