General

Target: DHL_1012617429350,pdf.exe (note the ",pdf.exe" double extension: with known extensions hidden, the file displays as a PDF-looking DHL document while remaining a PE executable)
Size: 230KB
Sample: 211019-kce9esgcgk
MD5: 5cab111e16c4473b848206291ddb2668
SHA1: 64bb159114230467d5c56e9041e9270d2c2615f2
SHA256: 4b64ebe81e55e2ed6e6317f516851fa1b52a3b94a7f139a61234aed6bcb97da2
SHA512: f2ac18a0a9f74580055ea60a4ffe54b664b10f1c89b31d6f92a59f0a27710bff874870dba412f0a1743aaf46721aa6ab51276729aeb3613dbd9b225a946b49a6

Static task: static1
Behavioral task: behavioral1
  Sample: DHL_1012617429350,pdf.exe
  Resource: win7-en-20210920
Behavioral task: behavioral2
  Sample: DHL_1012617429350,pdf.exe
  Resource: win10-en-20211014
Malware Config

Extracted: snakekeylogger (exfiltration channel is SMTP; the credentials below are the attacker's mailbox used to receive stolen data, not a victim account)
  Protocol: smtp
  Host: smtp.tecnotrip.xyz
  Port: 587
  Username: [email protected] (address is obfuscated in the source page)
  Password: hcRRNyX6
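The extracted config above is the most directly actionable part of this report: the SMTP host and port are the exfiltration endpoint, so they can be matched against DNS and network telemetry. The following is an added example (not code from the sandbox or from the page): it parses the report's config block exactly as the page prints it, then matches the resulting IOCs against a handful of Sysmon-style events that are constructed here for illustration. The key names (event, image, query, dst_host, dst_port) are assumptions of this example, not a real Sysmon field layout.

```python
"""Turn the extracted Snake Keylogger SMTP config into matchable IOCs.

Added example, not part of the sandbox report. RAW_CONFIG is the page's own
"Malware Config" text (copied verbatim, including the run-together layout
the report uses); the EVENTS list is constructed for the example.
"""
import re

# Copied from the report's "Malware Config" block. The username is shown
# obfuscated on the page, so it is kept exactly as it appears there.
RAW_CONFIG = """Protocol: smtp- Host:
smtp.tecnotrip.xyz - Port:
587 - Username:
[email protected] - Password:
hcRRNyX6"""


def parse_config(raw):
    """Parse 'Key: value - Key: value' text (as printed on the page) into a dict.

    Line breaks are collapsed first, then the text is split on the ' - '
    separators that sit directly in front of the next 'Key:' label, so a
    value containing '-' on its own (e.g. a hostname) is not split.
    """
    text = " ".join(raw.split())
    fields = {}
    for chunk in re.split(r"\s*-\s+(?=[A-Z][A-Za-z]*:)", text):
        key, _, value = chunk.partition(":")
        fields[key.strip().lower()] = value.strip()
    return fields


# Constructed Sysmon-style events (dns = DNS query, net = network connection).
# Not from the report; the paths and the second process are invented here.
EVENTS = [
    "event=dns image=C:\\Users\\victim\\Downloads\\DHL_1012617429350,pdf.exe query=smtp.tecnotrip.xyz",
    "event=net image=C:\\Users\\victim\\Downloads\\DHL_1012617429350,pdf.exe dst_host=smtp.tecnotrip.xyz dst_port=587 proto=tcp",
    "event=net image=C:\\Program_Files\\Mail\\mail.exe dst_host=mail.example.com dst_port=587 proto=tcp",
    "event=net image=C:\\Users\\victim\\Downloads\\DHL_1012617429350,pdf.exe dst_host=smtp.tecnotrip.xyz dst_port=443 proto=tcp",
]


def match_events(config, events):
    """Return (event, reason) pairs for events touching the exfiltration host.

    Matching is on the host, not on port 587 alone: legitimate mail clients
    use submission port 587 too, so the port by itself is noise. A hit on the
    configured host but a different port is still reported, flagged as such.
    """
    host, port = config["host"].lower(), config["port"]
    hits = []
    for line in events:
        ev = dict(kv.split("=", 1) for kv in line.split())
        if ev.get("event") == "dns" and ev.get("query", "").lower() == host:
            hits.append((line, "dns lookup of exfiltration host"))
        elif ev.get("event") == "net" and ev.get("dst_host", "").lower() == host:
            if ev.get("dst_port") == port:
                hits.append((line, f"{config['protocol']} connection to exfiltration host on configured port"))
            else:
                hits.append((line, "connection to exfiltration host on unexpected port"))
    return hits


if __name__ == "__main__":
    cfg = parse_config(RAW_CONFIG)
    for line, reason in match_events(cfg, EVENTS):
        print(f"{reason}: {line}")
```

The same parser works for any Triage-style extracted config printed in this run-together form; only the key names in the regex lookahead need to match the report's labels.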
Targets

Target: DHL_1012617429350,pdf.exe
Score: 10/10

Signatures:
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles (credential harvesting from stored mail account settings)
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext (on its own a generic indicator; it is the API used in process hollowing to point a suspended thread at injected code, which is why the sandbox flags it)
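The SetThreadContext signature is generic: the API is also used legitimately by debuggers and exception handlers, and the report does not say which injection technique this sample uses. What makes it suspicious is its position in a cross-process sequence. The following is an added example (not code from the sandbox or the page) of detecting the classic hollowing order, CreateProcess with CREATE_SUSPENDED, WriteProcessMemory, SetThreadContext, ResumeThread, all aimed at the same child, over an API-call trace constructed here; the trace format (caller pid, API name, argument dict) is an assumption of this example.

```python
"""Order-aware detection of cross-process SetThreadContext abuse.

Added example, not part of the sandbox report. The TRACE is constructed for
illustration; the call order checked is the textbook process-hollowing
sequence, which the report does not claim this sample follows.
"""

HOLLOWING_SEQUENCE = ["CreateProcess", "WriteProcessMemory", "SetThreadContext", "ResumeThread"]

# Constructed API trace: (caller_pid, api, args). pid 1234 hollows child 5678;
# pid 4321 calls SetThreadContext on its own thread, which is not injection.
TRACE = [
    (1234, "CreateProcess", {"flags": "CREATE_SUSPENDED", "child_pid": 5678}),
    (1234, "VirtualAllocEx", {"pid": 5678}),
    (1234, "WriteProcessMemory", {"pid": 5678}),
    (1234, "SetThreadContext", {"pid": 5678}),
    (1234, "ResumeThread", {"pid": 5678}),
    (4321, "SetThreadContext", {"pid": 4321}),
    (9999, "SetThreadContext", {"pid": 8888}),  # cross-process but no suspended create/write
]


def is_subsequence(needle, haystack):
    """True if every item of needle appears in haystack in that order (gaps allowed)."""
    it = iter(haystack)
    return all(any(item == seen for seen in it) for item in needle)


def find_hollowing(trace, sequence=HOLLOWING_SEQUENCE):
    """Return (caller_pid, target_pid) pairs whose calls follow the hollowing order.

    Calls are grouped per (caller, target); self-targeting calls are skipped
    because SetThreadContext on one's own thread is common benign behaviour.
    The CreateProcess must carry CREATE_SUSPENDED: a running child cannot have
    its entry point swapped before it starts.
    """
    by_target = {}
    for caller, api, args in trace:
        target = args.get("child_pid", args.get("pid"))
        by_target.setdefault((caller, target), []).append((api, args))

    findings = []
    for (caller, target), calls in by_target.items():
        if caller == target:
            continue
        apis = [api for api, _ in calls]
        suspended_create = any(
            api == "CreateProcess" and args.get("flags") == "CREATE_SUSPENDED"
            for api, args in calls
        )
        if suspended_create and is_subsequence(sequence, apis):
            findings.append((caller, target))
    return findings


if __name__ == "__main__":
    for caller, target in find_hollowing(TRACE):
        print(f"possible process hollowing: pid {caller} -> pid {target}")
```

The lone cross-process SetThreadContext from pid 9999 is deliberately not reported; in practice it would still merit a lower-severity hit, but the point of the sequence check is to separate the injection pattern from the API's ordinary uses.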