General
Target: BEIJING XIANTE TECHNOLOGY-Materials (MD) RFQ21-1005R1.pdf.zipx
Size: 512KB
Sample: 220705-pf2ztaahf2
MD5: 08307d5f55cc9efa130d41cf2485ec61
SHA1: 92cbf12a6ca6baa2ba6c8b74e7e9c5ad9b24e9ff
SHA256: 62d027e4200988773e4a37cffc36254c125751fe64714a956fbdfaa4dc212f43
SHA512: 319b69681aca9542e0f5250786c18e39cd28687efa71762c2882af1d6a9fed17bcc8e35b68362dc3df8d8017b3dc77e98b57bddebd95999e362ecb13cd79598b
Static task: static1
Behavioral task: behavioral1
  Sample: BEIJING XIANTE TECHNOLOGY-Materials (MD) RFQ21-1005R1.pdf.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: BEIJING XIANTE TECHNOLOGY-Materials (MD) RFQ21-1005R1.pdf.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.stilltech.ro
Port: 587
Username: office@stilltech.ro
Password: eurobit555ro
Email To: graceunlimited153@gmail.com
Targets
Target: BEIJING XIANTE TECHNOLOGY-Materials (MD) RFQ21-1005R1.pdf.exe
Size: 561KB
MD5: c01e2956b20349d01fd6f43f9a7ef0c3
SHA1: 4799db2196420cc90b24e28519ed459119d71fca
SHA256: f479546b3b39902eed49ccdd2749bde0d6ffb260311f8a8240fa69700e2a200e
SHA512: e3b466d2e32b1b3e18cc8669f957cf8dc66ca85827a2f40083931e0d72da8f67d8b01b71fea9bd8f601143d071f729184b9685198a974c247aaac7958141f469
Score: 10/10
Signatures:
- Snake Keylogger Payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext