General

Target: PURCHASE_ORDER_0098_PDF.exe
Size: 435KB
Sample: 210511-2dblxtk71x
MD5: b50fe78f59ae343a4ea40475ee85685d
SHA1: 0866696f3395ae375cfe7b2a9051fe570fe8544a
SHA256: e42652363da5db38ce553de583825a570fc76123af18a59550b3956dd3d573d0
SHA512: 5e3f332d5cb071c5311aa2d7abf8bb2e9a11e47bc9a75d1565d7f21b4999091101e25bc2a08b1a197094bcd9b9094e6fc01bcb1fdfbd4aa9008f020935c0242c
Static task: static1
Behavioral task: behavioral1
  Sample: PURCHASE_ORDER_0098_PDF.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: PURCHASE_ORDER_0098_PDF.exe
  Resource: win10v20210410
Malware Config

Extracted: snakekeylogger
Protocol: smtp
Host: mail.greentrading.com.pk
Port: 587
Username: info@greentrading.com.pk
Password: lovetoall
Targets

Target: PURCHASE_ORDER_0098_PDF.exe
Size: 435KB
MD5: b50fe78f59ae343a4ea40475ee85685d
SHA1: 0866696f3395ae375cfe7b2a9051fe570fe8544a
SHA256: e42652363da5db38ce553de583825a570fc76123af18a59550b3956dd3d573d0
SHA512: 5e3f332d5cb071c5311aa2d7abf8bb2e9a11e47bc9a75d1565d7f21b4999091101e25bc2a08b1a197094bcd9b9094e6fc01bcb1fdfbd4aa9008f020935c0242c
Score: 10/10

- Snake Keylogger Payload
- Loads dropped DLL
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext