General
Target: doc2019291888001990.pdf.exe
Size: 476KB
Sample: 220704-jcdj6afcfn
MD5: 886ff484cf96959a78f2b45d42a8cb2e
SHA1: 95e00817055aa3e802e02fa95cb6176a2e12b04c
SHA256: fa23336b3edcffd21b29e5873ca7775cd5b09026e93459792438c345c7ee39df
SHA512: fae192354c3b5984a2d1e45e93d65370f25a608ee2410ba9ce33bcd763f50db7243b4021b9cb962f1e7d2a88dba37267ca7efb2c18c3007393020a86bb0ec679
Static task: static1
Behavioral task: behavioral1
  Sample: doc2019291888001990.pdf.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: doc2019291888001990.pdf.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot5468731092:AAGGNQWBVRhX622u6xp1moMhaunIGtXuIxg/sendMessage?chat_id=1639214896
Targets
Target: doc2019291888001990.pdf.exe
Size: 476KB
MD5: 886ff484cf96959a78f2b45d42a8cb2e
SHA1: 95e00817055aa3e802e02fa95cb6176a2e12b04c
SHA256: fa23336b3edcffd21b29e5873ca7775cd5b09026e93459792438c345c7ee39df
SHA512: fae192354c3b5984a2d1e45e93d65370f25a608ee2410ba9ce33bcd763f50db7243b4021b9cb962f1e7d2a88dba37267ca7efb2c18c3007393020a86bb0ec679
Score: 10/10
- Snake Keylogger Payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext