General
Target: $456,400_MT103_ADVICE_COPY.doc
Size: 10KB
Sample: 220706-htqqdahhgr
MD5: bf7597c04b3c217e99958f88e2c0f8d0
SHA1: 610bd865bfb97a065b84ecdb8de23cbaf22933fb
SHA256: e645aef24ba9b241b006eeb7e3f6139cc756f82a81e1bea32125062214e6880e
SHA512: dbdbbda7b84bfeb91fe7fe71d18b59791edf7e2322121d8c513546917619a79e7460f4e2aabb841392842dcbd707126b88c7b8078e887cb215f8d4aebe20912b
Static task: static1
Behavioral task: behavioral1
  Sample: $456,400_MT103_ADVICE_COPY.rtf
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: $456,400_MT103_ADVICE_COPY.rtf
  Resource: win10v2004-20220414-en
Malware Config
Extracted: snakekeylogger
https://api.telegram.org/bot5125489580:AAG9rJipU-Qp9bVmgyzvimlz5gpATRgg5qo/sendMessage?chat_id=5149913163
Targets
Target: $456,400_MT103_ADVICE_COPY.doc
Size: 10KB
Score: 10/10
- Snake Keylogger Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext