General
-
Target
wire_pmt_details_6212021,pdf.7z
-
Size
509KB
-
Sample
210621-kep2367h76
-
MD5
c1f4631dbf52bd39e93b66095ba20eff
-
SHA1
403da2b5ba1738aef0fcb1dc76c8996751dc9b0e
-
SHA256
0e5e4212729cd58a31421559db4c4b972306487beb067285ca1bd3324e059824
-
SHA512
53ff07a423b04fd9252228a1d80c1c21fb760c66ca4634792a4d7166ea1637b6919d7586aaf59e5addd2d7439883486799b03419cc93d3e6dc253f15a29e08f0
Static task
static1
Behavioral task
behavioral1
Sample
wire_pmt_details_6212021,pdf.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
wire_pmt_details_6212021,pdf.exe
Resource
win10v20210410
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: nicolas.sautter@chsauter-bc.com
Password: 111aaa
Targets
-
Target
wire_pmt_details_6212021,pdf.exe
-
Size
695KB
-
MD5
e57cda842a821935f5819f7a861d1bcc
-
SHA1
053877f119d842e91d62af1e9082ac7b7222ad8d
-
SHA256
619d47029ebd28342d5a099b67d7eece183a4424d63b56abf66a7fe25169fca0
-
SHA512
1905ed39ca480526ce1d146fa7a316fe6856d1433238881c2748325ac8792da534e7fa0a6dd335c97b3f3e801f2382a7481113c41f2371eb68c5a16ba884f442
Score 10/10
-
Snake Keylogger Payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
Rewriting another thread's context is the usual way to redirect a suspended process into injected code (process hollowing), so the call is treated as a code-injection indicator.
-
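The report above already gives everything needed to hunt for this sample: the SMTP exfiltration server, port and account from the extracted config, the hashes of the archive and the dropped executable, and the double-extension lure name. The following script is an added example written for this page, not code from the sandbox or the report; it turns those indicators into checks that run over exported log lines. The log formats (tab-separated proxy/firewall and file-event exports), the sample lines, the lure regex and the severity labels are the editor's own assumptions and constructed data.

```python
"""IOC checks built from the Snake Keylogger report above (added example).

Assumed, constructed input formats (tab-separated):
  network export: <timestamp> <src_ip> <dst_host:port> <proto> [extra fields]
  file export:    <timestamp> <host> <path> <sha256>
"""
import re

# Indicators taken from the report above.
EXFIL_HOST = "mail.privateemail.com"
EXFIL_PORT = 587
EXFIL_USER = "nicolas.sautter@chsauter-bc.com"
KNOWN_SHA256 = {
    "0e5e4212729cd58a31421559db4c4b972306487beb067285ca1bd3324e059824",  # the .7z archive
    "619d47029ebd28342d5a099b67d7eece183a4424d63b56abf66a7fe25169fca0",  # dropped .exe
}

# Editor's heuristic for the lure pattern used by this sample: a "document"
# extension followed by a real executable extension, e.g. "...,pdf.exe".
DOUBLE_EXT_RE = re.compile(r"[,._ -](pdf|docx?|xlsx?)\.(exe|scr|com|pif|bat|js)$", re.I)


def is_double_extension_lure(filename):
    """True for names like 'wire_pmt_details_6212021,pdf.exe' or 'report.docx.scr'."""
    return DOUBLE_EXT_RE.search(filename) is not None


def check_network_line(line):
    """Return (severity, message) for a connection to the exfil SMTP server, else None.

    Host and port alone are only 'medium': the provider is shared with legitimate
    users. Seeing the extracted SMTP AUTH username in the line raises it to 'high'.
    """
    fields = line.rstrip("\n").split("\t")
    if len(fields) < 4:
        return None
    ts, src, dst = fields[0], fields[1], fields[2]
    extra = "\t".join(fields[3:]).lower()
    host, _, port = dst.rpartition(":")
    if host.lower() != EXFIL_HOST or port != str(EXFIL_PORT):
        return None
    severity = "high" if EXFIL_USER in extra else "medium"
    return (severity, f"{ts} {src} -> {host}:{port} matches the Snake Keylogger exfil server")


def check_file_line(line):
    """Return a list of (severity, message) findings for one file-event line."""
    fields = line.rstrip("\n").split("\t")
    if len(fields) < 4:
        return []
    ts, host, path, sha = fields[:4]
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    findings = []
    if sha.lower() in KNOWN_SHA256:
        findings.append(("high", f"{ts} {host}: known sample SHA256 {sha[:16]}... at {path}"))
    if is_double_extension_lure(name):
        findings.append(("low", f"{ts} {host}: double-extension lure filename {name!r}"))
    return findings


# Constructed sample exports (not real telemetry).
SAMPLE_NET = [
    "2021-06-21T09:14:02Z\t10.0.0.25\tmail.privateemail.com:587\ttcp\tsmtp-auth=nicolas.sautter@chsauter-bc.com",
    "2021-06-21T09:14:05Z\t10.0.0.25\tmail.privateemail.com:993\ttcp",      # IMAP, other port: no match
    "2021-06-21T09:15:11Z\t10.0.0.31\tsmtp.office365.com:587\ttcp",         # unrelated submission
    "2021-06-21T09:20:00Z\t10.0.0.40\tmail.privateemail.com:587\ttcp",      # host+port only: medium
]
SAMPLE_FILES = [
    "2021-06-21T09:10:30Z\tWS-017\tC:\\Users\\a.smith\\Downloads\\wire_pmt_details_6212021,pdf.exe\t"
    "619d47029ebd28342d5a099b67d7eece183a4424d63b56abf66a7fe25169fca0",
    "2021-06-21T09:11:02Z\tWS-017\tC:\\Users\\a.smith\\Downloads\\invoice.pdf\t" + "0" * 64,
    "2021-06-21T09:12:45Z\tWS-022\tC:\\Temp\\report.docx.scr\t" + "1111" * 16,
]


def scan(net_lines=SAMPLE_NET, file_lines=SAMPLE_FILES):
    """Run both checks over the exports and return all findings."""
    findings = []
    for line in net_lines:
        hit = check_network_line(line)
        if hit:
            findings.append(hit)
    for line in file_lines:
        findings.extend(check_file_line(line))
    return findings


if __name__ == "__main__":
    for severity, message in scan():
        print(f"[{severity}] {message}")
```

Because privateemail.com is a commodity mail provider with many legitimate customers, a connection to the host and port alone is a weak signal; the extracted SMTP AUTH username (visible on a TLS-terminating proxy or a mail gateway) or a hash match on the dropped executable is what makes a hit conclusive, which is why the severities are split the way they are.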