General
Target: DHL Invoice Details_pdf.exe
Size: 439KB
Sample: 210617-n81zyh9jya
MD5: b65da38c0e35fe94a335c21e0c636c5d
SHA1: abe45f712c1670cdecc9a800ff9523ce044efd39
SHA256: 64155fff003f28e4a1de683141d2140b4160b01bbba6365dfd017f622dabdcf7
SHA512: 3f1956073beb8c295c144707df565ca7f14fa4f36e49b394dcc0ed5158a99364375983ff57869f67a38e2da9dc254c0b908f5ab77f73f674480ad5692c587e92
Static task: static1
Behavioral task: behavioral1
  Sample: DHL Invoice Details_pdf.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: DHL Invoice Details_pdf.exe
  Resource: win10v20210410
Malware Config
Extracted: snakekeylogger
- Protocol: smtp
- Host: gmicaprelam.in
- Port: 587
- Username: designer@gmicaprelam.in
- Password: designer2424@
Targets
Target: DHL Invoice Details_pdf.exe
Score: 10/10
- Snake Keylogger Payload
- Loads dropped DLL
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext