General

  • Target

    PAYMENT VOUCHER096685_pdf.exe

  • Size

    1.2MB

  • Sample

    210726-7wsqrvqqwe

  • MD5

    aa2ca32a841ee37f74ccb2f1ec169261

  • SHA1

    c5b808ff040ba398886092841b02ecbfda8bc584

  • SHA256

    941a701614e8220c3599ad892dc9ce472fef5f7747df9e718ad8e1403851754c

  • SHA512

    d021306b518b1b2cb18085e2a214bca98e351933e0ec2e1da151d6c609eda5f4feb078377a1354413a3af960c7824273def61181b6818180538e22ef5f486397

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol:
    smtp
  • Host:
    mail.rainspor.com
  • Port:
    465
  • Username:
    assad@rainspor.com
  • Password:
    assad123assad
C2

https://api.telegram.org/bot1873568730:AAH34RvZUhseosgmzTpwFwYgrvFwcg8jqaA/sendMessage?chat_id=1810577695
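The extracted config above gives two network exfiltration channels: SMTPS to mail.rainspor.com:465 with the embedded mailbox credentials, and the Telegram Bot API, where the bot token (the `bot<id>:<secret>` path segment) and the `chat_id` query parameter identify the operator's bot and destination chat. The following Python is an added example, not part of the sandbox report: it parses the Telegram C2 URL into its components and matches both channels against a few constructed proxy/flow records (the log format, IPs, timestamps and the second "other bot" token are all made up for the demonstration). Records that carry only TLS metadata (no URL) are scored lower, since the bot token and chat_id are only visible with TLS inspection or from host-side artifacts.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Values copied from the extracted config in the report above.
TELEGRAM_C2 = (
    "https://api.telegram.org/bot1873568730:AAH34RvZUhseosgmzTpwFwYgrvFwcg8jqaA"
    "/sendMessage?chat_id=1810577695"
)
SMTP_HOST, SMTP_PORT = "mail.rainspor.com", 465

# Telegram Bot API path: /bot<numeric bot id>:<secret>/<method>
_BOT_PATH = re.compile(r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>[A-Za-z]+)$")


def parse_telegram_c2(url):
    """Split a Telegram Bot API URL into bot id, full token, method and chat_id."""
    u = urlsplit(url)
    m = _BOT_PATH.match(u.path)
    if u.hostname != "api.telegram.org" or m is None:
        raise ValueError("not a Telegram Bot API URL: %r" % url)
    chat_id = parse_qs(u.query).get("chat_id", [None])[0]
    return {
        "bot_id": m["bot_id"],
        "token": "%s:%s" % (m["bot_id"], m["secret"]),
        "method": m["method"],
        "chat_id": chat_id,
    }


# Constructed sample records (hypothetical, not from the report):
# timestamp, source IP, destination host (SNI), destination port, full URL or "-"
# when only TLS metadata was observed.
SAMPLE_LOG = """\
2021-07-26T07:41:03Z\t10.0.0.17\tapi.telegram.org\t443\thttps://api.telegram.org/bot1873568730:AAH34RvZUhseosgmzTpwFwYgrvFwcg8jqaA/sendMessage?chat_id=1810577695
2021-07-26T07:41:05Z\t10.0.0.17\tmail.rainspor.com\t465\t-
2021-07-26T07:42:11Z\t10.0.0.23\tapi.telegram.org\t443\thttps://api.telegram.org/bot5551112222:AAEexampleTokenForAnotherBot000000/getUpdates
2021-07-26T07:43:00Z\t10.0.0.23\tapi.telegram.org\t443\t-
2021-07-26T07:44:09Z\t10.0.0.31\tmail.example.com\t465\t-
"""


def match_record(record, c2):
    """Return (severity, reason, src) for one record, or None if nothing matched."""
    ts, src, host, port, url = record.split("\t")
    if host == SMTP_HOST and int(port) == SMTP_PORT:
        # SMTPS to the configured mail server is a strong IOC even without TLS inspection.
        return ("high", "smtps-exfil-host", src)
    if host == "api.telegram.org":
        if url == "-":
            # Only SNI seen: Telegram is widely used, so this alone is weak evidence.
            return ("low", "telegram-api-tls-only", src)
        try:
            seen = parse_telegram_c2(url)
        except ValueError:
            return ("low", "telegram-api-unparsed", src)
        if seen["token"] == c2["token"] or (c2["chat_id"] and seen["chat_id"] == c2["chat_id"]):
            return ("high", "snakekeylogger-telegram-c2", src)
        # Bot API traffic from a host that should not run bots deserves a look, but is
        # not tied to this sample.
        return ("medium", "telegram-bot-api-other", src)
    return None


def scan(log, c2_url=TELEGRAM_C2):
    """Match every record in `log` against the extracted config; returns list of hits."""
    c2 = parse_telegram_c2(c2_url)
    hits = []
    for line in log.splitlines():
        if not line.strip():
            continue
        hit = match_record(line, c2)
        if hit is not None:
            hits.append((line.split("\t")[0],) + hit)
    return hits


if __name__ == "__main__":
    print(parse_telegram_c2(TELEGRAM_C2))
    for ts, severity, reason, src in scan(SAMPLE_LOG):
        print(ts, severity, reason, src)
```

On the constructed records this flags the first two lines as high (token/chat_id match and SMTPS to the configured host), the other bot as medium, and the TLS-only Telegram connection as low; the mail.example.com line is not reported. The "Looks up external IP address via web service" signature in the report is deliberately not turned into an IOC: the lookup service is legitimate and the report does not name which one the sample used.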

Targets

    • Target

      PAYMENT VOUCHER096685_pdf.exe

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • CustAttr .NET packer

      Detects CustAttr .NET packer in memory.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
