General
Target: proforma invoice No. 42037,pdf.exe
Size: 31KB
Sample: 210505-5gwpvb6see
MD5: 1fc85b87347785b556af1d0f47a1f928
SHA1: c39c80b549f7dc46bfe18d5b956a4a17b28bac78
SHA256: a3ef4500e9f5f2447d55de102e2529a62b48f644b03d22199ce5c69c0ca57c88
SHA512: 2c13b8f8e8845ed9ad2c5718a1fdbe16da06106b54cca04d8f978c0d15c1af8e90b900900e4b1c325e995ef5799101eee9edc182fc17c92dc33ecab478ac490c
Static task: static1
Behavioral task: behavioral1 (Sample: proforma invoice No. 42037,pdf.exe; Resource: win7v20210408)
Behavioral task: behavioral2 (Sample: proforma invoice No. 42037,pdf.exe; Resource: win10v20210410)
Malware Config
Extracted (oski): 203.159.80.72
Extracted (snakekeylogger): https://api.telegram.org/bot1761516426:AAE3Juu_v6fG9Gy1S33LdTvyz85ua-duZsk/sendMessage?chat_id=1727399585
Targets
Target: proforma invoice No. 42037,pdf.exe (31KB; same MD5/SHA1/SHA256/SHA512 as listed under General above)
- Snake Keylogger Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext