General
Target: USD 16,750.05 Pdf.exe
Size: 509KB
Sample: 220706-qjx1psfbd3
MD5: 09bbf8c6dc1b54b203b7c43c22459195
SHA1: dc1d716a403c9f35cf23d4a4f07973c2baba2193
SHA256: 1bc45f2405cdf999cc944674cb3183b6157ded7f17789a5dab48e980d54a04ed
SHA512: b76e26046790c65e15b81ffc27847248e917866977c121101b26fda356506a9cccc1e5702b4ec5f293d2e9e5081ae180a8354070d1ca01a67f7d4f168e3199fb
Static task: static1
Behavioral task: behavioral1
Sample: USD 16,750.05 Pdf.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: USD 16,750.05 Pdf.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted family: snakekeylogger
C2 (Telegram Bot API exfiltration endpoint): https://api.telegram.org/bot5597218256:AAE2Fu3SsKk-6ykjeaejgKQbF6Pwo3Ge3Aw/sendMessage?chat_id=1502175288
Targets
Target: USD 16,750.05 Pdf.exe
Size: 509KB
MD5: 09bbf8c6dc1b54b203b7c43c22459195
SHA1: dc1d716a403c9f35cf23d4a4f07973c2baba2193
SHA256: 1bc45f2405cdf999cc944674cb3183b6157ded7f17789a5dab48e980d54a04ed
SHA512: b76e26046790c65e15b81ffc27847248e917866977c121101b26fda356506a9cccc1e5702b4ec5f293d2e9e5081ae180a8354070d1ca01a67f7d4f168e3199fb
Score: 10/10
Signatures
- Snake Keylogger Payload
- Downloads MZ/PE file
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext