General
-
Target
PO. 4500129645.pdf.exe
-
Size
549KB
-
Sample
220521-a6x18aeddm
-
MD5
f7c5e33a5643b753e390d04823584f71
-
SHA1
62b46991b702107cd1ee9871b1c1a417a3346616
-
SHA256
dee9479a27f8281c61fa8e25f006e01087e5dabad181cdb262bd8e9f4696e851
-
SHA512
c871b0597199f11b5273359b5de4d314517b1c226f99542f676f61b230b35e6dc1633356fa2cf016567757ef59cb01d8f408cf542f38aa19fd1b13e00652d94a
Static task
static1
Behavioral task
behavioral1
Sample
PO. 4500129645.pdf.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
PO. 4500129645.pdf.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot5392870078:AAEZf0ajeo_PMkBddeC_JE--NP4u4367N6c/sendMessage?chat_id=1856108848
Targets
-
-
Target
PO. 4500129645.pdf.exe
-
Size
549KB
-
MD5
f7c5e33a5643b753e390d04823584f71
-
SHA1
62b46991b702107cd1ee9871b1c1a417a3346616
-
SHA256
dee9479a27f8281c61fa8e25f006e01087e5dabad181cdb262bd8e9f4696e851
-
SHA512
c871b0597199f11b5273359b5de4d314517b1c226f99542f676f61b230b35e6dc1633356fa2cf016567757ef59cb01d8f408cf542f38aa19fd1b13e00652d94a
Score10/10-
Snake Keylogger Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-