General
Target: Price inquiry.16.06.2021.pdf.exe
Size: 780KB
Sample: 210616-8hgzf5zprs
MD5: 63e8946d9e7da82a176130ee5a5376cf
SHA1: 19340ff0933bbd071360ea45a06bd7d86c910bb2
SHA256: 79752df8218f83253e43c971c39923653e82c8411e76cd92d85a12447fde01dd
SHA512: fb6b4df37f411ccd18cf4b55ceedd94af0a539aff2e022ce45208163dcc936d403e040e5d3db91cce68bf163132f85b8bcb36bc19863575b64da40e3c609857e
Static task: static1
Behavioral task: behavioral1
  Sample: Price inquiry.16.06.2021.pdf.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: Price inquiry.16.06.2021.pdf.exe
  Resource: win10v20210410
Malware Config
Extracted family: snakekeylogger
Protocol: smtp
Host: mail.ekonaz.com
Port: 587
Username: bilgi@ekonaz.com
Password: 251925
Targets
Target: Price inquiry.16.06.2021.pdf.exe (same file and hashes as listed under General)
Score: 10/10
Signatures:
- Snake Keylogger Payload
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext