General

Target: FINAL BL.pdf.exe
Size: 422KB
Sample: 220706-zankcabaf8
MD5: 9a903c6a1df5616594b6d64f6860fe37
SHA1: fad9c0dcce2c0be8617a016baa1bc8326a6c62f0
SHA256: 4e0576bfe816a475d0a0e38a9c7456f8742d12f0c5a44a2244900214c37ad7e4
SHA512: e3b01982cadda9c864a0b68eef6955f632553bd1dc72a0e81191f26d1fd434544c81c02dfc925f856e178de776f3ef58840007fa77fbba9dad7bafbe13b3e419
Static task: static1

Behavioral task: behavioral1
Sample: FINAL BL.pdf.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: FINAL BL.pdf.exe
Resource: win10v2004-20220414-en
Malware Config

Extracted family: snakekeylogger
Exfiltration URL: https://api.telegram.org/bot1507062795:AAEBb0H5OYbp-dWwXk8ffQp0InjOhKxhpbU/sendMessage?chat_id=1663822858

The URL is a Telegram Bot API call: the path carries the operator's bot token (the numeric bot ID before the colon, followed by its secret) and the query string carries the chat_id that stolen data is delivered to. Both are usable as network indicators. Note that api.telegram.org is also used legitimately, so detections should match the /bot<id>:<secret>/ path (or the specific bot ID and chat_id) rather than the host alone.
Targets

Target: FINAL BL.pdf.exe
Size: 422KB
MD5 / SHA1 / SHA256 / SHA512: identical to the values listed under General above
Score: 10/10
Signatures

Snake Keylogger Payload
Family detection: the sample is classified as Snake Keylogger, a .NET keylogger and credential stealer.

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence so that the payload only runs, or refuses to run, in chosen regions.

Accesses Microsoft Outlook profiles
Reads Outlook profile data from the registry, where stored mail account settings and credentials live; this is credential theft, not mailbox access.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP, which this family typically reports to the operator alongside the stolen data. The report does not name the service used.

Suspicious use of SetThreadContext
SetThreadContext is commonly the final step of process hollowing / RunPE-style injection (the entry point of a suspended thread is redirected to the injected payload), so expect the stealer code to execute inside another process rather than in the dropped file's own image.
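As an added example that is not part of the sandbox report: a small Python triage helper that parses the extracted Telegram Bot API URL into its indicator fields (bot ID, token, method, chat_id) and runs that indicator over constructed proxy-log lines, raising severity when the same client also hit an external IP lookup service, mirroring the two network behaviours flagged above. The log format, the hosts in IP_LOOKUP_HOSTS and the second "attacker" bot are assumptions for illustration; the report names neither the lookup service nor any proxy log.

```python
"""Triage helper for the extracted Snake Keylogger config (added example, not part
of the sandbox report). Parses a Telegram Bot API exfiltration URL into indicator
fields and runs that indicator over constructed proxy-log lines."""
import re
from urllib.parse import parse_qs, urlparse

# Exfiltration URL extracted by the sandbox (copied from the report's Malware Config).
EXTRACTED_C2 = ("https://api.telegram.org/bot1507062795:AAEBb0H5OYbp-dWwXk8ffQp0InjOhKxhpbU"
                "/sendMessage?chat_id=1663822858")

# Telegram Bot API paths look like /bot<bot_id>:<secret>/<method>. The numeric bot_id
# survives token rotation, so it is the more durable indicator.
TELEGRAM_BOT_PATH = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>[A-Za-z]+)/?$")

# ASSUMPTION: common external-IP lookup services. The report only says the sample
# uses "a legitimate IP lookup service" and does not name it.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "icanhazip.com", "ipinfo.io"}


def parse_telegram_c2(url):
    """Return {bot_id, token, method, chat_id} for a Telegram Bot API URL, else None."""
    parts = urlparse(url)
    if parts.scheme != "https" or parts.hostname != "api.telegram.org":
        return None
    m = TELEGRAM_BOT_PATH.match(parts.path)
    if not m:
        return None
    chat_id = parse_qs(parts.query).get("chat_id", [None])[0]
    return {
        "bot_id": m["bot_id"],
        "token": f"{m['bot_id']}:{m['secret']}",
        "method": m["method"],
        "chat_id": chat_id,
    }


KNOWN_C2 = parse_telegram_c2(EXTRACTED_C2)


def scan_proxy_log(log_text, known=KNOWN_C2):
    """Scan 'timestamp src_ip method url status' lines (a constructed format) for
    Telegram Bot API calls. Severity is raised when the call matches the extracted
    bot/chat or when the same client also queried an IP lookup service."""
    bot_hits = {}               # src_ip -> list of parsed Bot API calls
    ip_lookup_clients = set()   # clients that queried an external-IP service
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        ts, src, _method, url = fields[:4]
        if urlparse(url).hostname in IP_LOOKUP_HOSTS:
            ip_lookup_clients.add(src)
            continue
        c2 = parse_telegram_c2(url)
        if c2:
            bot_hits.setdefault(src, []).append({"ts": ts, **c2})

    findings = []
    for src, hits in bot_hits.items():
        known_match = any(h["bot_id"] == known["bot_id"] or h["chat_id"] == known["chat_id"]
                          for h in hits)
        findings.append({
            "src": src,
            "calls": hits,
            "known_c2": known_match,
            "severity": "high" if (known_match or src in ip_lookup_clients) else "medium",
        })
    return findings


# Constructed proxy-log lines (not real traffic). 10.0.0.21 reproduces the sandboxed
# sample's sequence: external-IP lookup followed by a post to the extracted bot/chat.
# 10.0.0.35 talks to a made-up bot with no IP lookup; 10.0.0.40 is benign.
SAMPLE_PROXY_LOG = """\
2022-07-06T10:12:03Z 10.0.0.21 GET http://checkip.dyndns.org/ 200
2022-07-06T10:12:05Z 10.0.0.21 GET https://api.telegram.org/bot1507062795:AAEBb0H5OYbp-dWwXk8ffQp0InjOhKxhpbU/sendMessage?chat_id=1663822858 200
2022-07-06T10:13:40Z 10.0.0.35 GET https://www.example.com/index.html 200
2022-07-06T10:14:02Z 10.0.0.35 POST https://api.telegram.org/bot99999:FAKE-token-value/sendDocument 200
2022-07-06T10:15:00Z 10.0.0.40 GET https://api.telegram.org/ 200
"""

if __name__ == "__main__":
    for f in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f["severity"], f["src"], "known_c2=%s" % f["known_c2"],
              [(c["ts"], c["bot_id"], c["method"], c["chat_id"]) for c in f["calls"]])
```

Matching on the bot ID and chat_id separately is deliberate: an operator can rotate the token secret while keeping the same bot, and the chat_id identifies the receiving account regardless of which bot posts to it.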