General
Target: Our New Order July 07 2022 at 2.30_PVV440_PDF.exe
Size: 1.2MB
Sample: 220706-ta2t3seebn
MD5: 66c648b8f759c6136a9bbe8fe8d33662
SHA1: 705174e60e260ec728f4233f113e1dad5044c02d
SHA256: e1875dc29291738e0abbf10c6ae7d5dcc89f8bdaa69d3c252beab1c8c77e0cc6
SHA512: c863893b090eb0c314ff1818041f62277c6c91f792185158f29992a2d3ee1239e338a958d5426133b487e2a079c6fe1e130f233eac04af5ac0803af1cc167189
Static task: static1
Behavioral task: behavioral1
Sample: Our New Order July 07 2022 at 2.30_PVV440_PDF.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Our New Order July 07 2022 at 2.30_PVV440_PDF.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.kolliopoulos.gr
Port: 587
Username: kolliopoulos@kolliopoulos.gr
Password: @koL1208LoS@
Email To: kolliopoulos@kolliopoulos.gr
Targets
Target: Our New Order July 07 2022 at 2.30_PVV440_PDF.exe
Size: 1.2MB
Score: 10/10
- Snake Keylogger Payload
- Downloads MZ/PE file
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext