General
- Target: Transfer-Advice000601021_PDF.exe
- Size: 839KB
- Sample: 210610-tl3tchdawa
- MD5: eb71c02718253983208789352b16ea53
- SHA1: 61a977ef8c7c5d7aec3511b82b17c4f51233c0f7
- SHA256: 381ce996921c485ddea9976a0904b1b7a48e3cefed916d76ff609e9ea1257c62
- SHA512: cd5f28a61ca76cd5cdab8b2690431ba38357089e2051c90927d03154871df5b9d0562cc85a430aed3071401b3bdad017aa59f25058e79e205a973ca29ed7c3ce
Static task
- static1
Behavioral task
- behavioral1 (Sample: Transfer-Advice000601021_PDF.exe, Resource: win7v20210410)
Behavioral task
- behavioral2 (Sample: Transfer-Advice000601021_PDF.exe, Resource: win10v20210410)
Malware Config
Extracted: snakekeylogger
- Exfiltration endpoint (Telegram Bot API sendMessage call, with the operator's bot token and chat_id embedded in the URL): https://api.telegram.org/bot1873568730:AAH34RvZUhseosgmzTpwFwYgrvFwcg8jqaA/sendMessage?chat_id=1810577695
Targets
- Target: Transfer-Advice000601021_PDF.exe
- Size: 839KB
- MD5: eb71c02718253983208789352b16ea53
- SHA1: 61a977ef8c7c5d7aec3511b82b17c4f51233c0f7
- SHA256: 381ce996921c485ddea9976a0904b1b7a48e3cefed916d76ff609e9ea1257c62
- SHA512: cd5f28a61ca76cd5cdab8b2690431ba38357089e2051c90927d03154871df5b9d0562cc85a430aed3071401b3bdad017aa59f25058e79e205a973ca29ed7c3ce
- Score: 10/10
- Snake Keylogger Payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
  Rewriting another thread's context (typically the suspended main thread of a freshly spawned process) is how injected code, as in process hollowing, is handed execution. This is an injection indicator on its own, not a family identification; the family attribution here comes from the extracted config and payload signature.
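The extracted Telegram URL and the file hashes above are the report's actionable indicators. The following is an added example, not part of the sandbox report, showing how a detection engineer would turn the extracted URL into a reusable check: it parses the Telegram Bot API URL into bot id, token secret, method and chat_id, and scans constructed proxy-log lines (the log format, the 10.0.0.x addresses and the checkip.example.net host are assumptions for illustration) for any request to that API, so the check generalizes beyond this one token.

```python
"""Added example (not from the sandbox report): turn the report's Telegram
exfiltration URL into a parser and a proxy-log check for Bot API traffic."""
import re
from urllib.parse import parse_qs, urlsplit

# Exfiltration URL copied verbatim from the report's extracted config.
EXFIL_URL = (
    "https://api.telegram.org/bot1873568730:AAH34RvZUhseosgmzTpwFwYgrvFwcg8jqaA"
    "/sendMessage?chat_id=1810577695"
)

# Telegram Bot API paths look like /bot<bot_id>:<secret>/<method>.
_BOT_PATH = re.compile(r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>\w+)$")


def parse_telegram_exfil(url):
    """Return bot_id, secret, method and chat_id for a Telegram Bot API URL, else None."""
    parts = urlsplit(url)
    if parts.netloc.lower() != "api.telegram.org":
        return None
    match = _BOT_PATH.match(parts.path)
    if not match:
        return None
    query = parse_qs(parts.query)
    return {
        "bot_id": match.group("bot_id"),
        "secret": match.group("secret"),
        "method": match.group("method"),
        "chat_id": query.get("chat_id", [None])[0],
    }


# Constructed proxy log (assumed format "<timestamp> <src_ip> <method> <url> <status>";
# these lines are made up for the example and are not from the report).
SAMPLE_PROXY_LOG = """\
2021-06-10T14:02:11Z 10.0.0.23 GET https://checkip.example.net/ 200
2021-06-10T14:02:12Z 10.0.0.23 POST https://api.telegram.org/bot1873568730:AAH34RvZUhseosgmzTpwFwYgrvFwcg8jqaA/sendMessage?chat_id=1810577695 200
2021-06-10T14:05:40Z 10.0.0.41 GET https://www.example.com/index.html 200
"""


def find_telegram_exfil(log_text):
    """Return (src_ip, parsed_url) for every log line that calls the Telegram Bot API.

    Matching on the API shape rather than on this sample's token catches other
    builds of the same family that use a different bot or chat.
    """
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line; skip rather than crash the scan
        parsed = parse_telegram_exfil(fields[3])
        if parsed:
            hits.append((fields[1], parsed))
    return hits


if __name__ == "__main__":
    print("config IOC:", parse_telegram_exfil(EXFIL_URL))
    for src_ip, ioc in find_telegram_exfil(SAMPLE_PROXY_LOG):
        print(f"{src_ip} -> bot {ioc['bot_id']} chat {ioc['chat_id']} via {ioc['method']}")
```

In a real deployment the match on api.telegram.org would be weighted by context (unmanaged process, non-browser user agent, volume), since legitimate Telegram bot traffic exists; the bot_id and chat_id are the stable values to block and to pivot on in other telemetry.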