General
- Target: Swift pdf.exe
- Size: 13KB
- Sample: 220706-ta2t3sgfc2
- MD5: 219b51d27650e58e806ecbea4a5464d2
- SHA1: 72cb9e74cd88eea0e18a02e54ca7e54557b0932b
- SHA256: 4f0b01acb78ac9daaa0aa4a4ea8d189c1e815c474cda04c8d97591b754cf9375
- SHA512: 2c413f65f672ac7225c8a2fd92063beda19caa914f416173f69eb4985a785291951aaaf292f2e9bf3489a70b4c228cc86d2f5d98b4f01cdfc491f6289d7b2cbd
Tasks
- Static task: static1
- Behavioral task: behavioral1 (Sample: Swift pdf.exe; Resource: win7-20220414-en)
- Behavioral task: behavioral2 (Sample: Swift pdf.exe; Resource: win10v2004-20220414-en)
Malware Config
- Extracted: snakekeylogger
- Telegram Bot API URL (from extracted config): https://api.telegram.org/bot5412895406:AAEj-XWjEH6Xgz-M_j2Kpqqdv6KOeN4GaH0/sendMessage?chat_id=1467583453
Targets
- Target: Swift pdf.exe
- Size: 13KB
- MD5: 219b51d27650e58e806ecbea4a5464d2
- SHA1: 72cb9e74cd88eea0e18a02e54ca7e54557b0932b
- SHA256: 4f0b01acb78ac9daaa0aa4a4ea8d189c1e815c474cda04c8d97591b754cf9375
- SHA512: 2c413f65f672ac7225c8a2fd92063beda19caa914f416173f69eb4985a785291951aaaf292f2e9bf3489a70b4c228cc86d2f5d98b4f01cdfc491f6289d7b2cbd
Score: 10/10
- Snake Keylogger Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext