General
Target: Remittance copy.PDF.exe
Size: 474KB
Sample: 220704-jcdj6ahdg7
MD5: 47dec80e1814ef478f35b9ba5036c61b
SHA1: 993be681841345715d36ce0253c3db6aa37256d9
SHA256: df1ea458ba38091e5f1739ed561cf1424a0b25673405f29276db3a5aa03f9187
SHA512: 0cd79fd1ccc1e9b1787ab366ac940c257c280405c79084c258c157c693feb76debeaa7a0bf2b6297eb87a69df9f570d3122d2afa1d99368b1530db54e3702cc8
Static task: static1
Behavioral task: behavioral1
Sample: Remittance copy.PDF.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Remittance copy.PDF.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.stilltech.ro
Port: 587
Username: office@stilltech.ro
Password: eurobit555ro
Email To: princenewman1111@gmail.com
Targets
Target: Remittance copy.PDF.exe
Size: 474KB
MD5: 47dec80e1814ef478f35b9ba5036c61b
SHA1: 993be681841345715d36ce0253c3db6aa37256d9
SHA256: df1ea458ba38091e5f1739ed561cf1424a0b25673405f29276db3a5aa03f9187
SHA512: 0cd79fd1ccc1e9b1787ab366ac940c257c280405c79084c258c157c693feb76debeaa7a0bf2b6297eb87a69df9f570d3122d2afa1d99368b1530db54e3702cc8
Score: 10/10
Signatures:
Snake Keylogger Payload
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext