General
- Target: Numériserdesdocuments-pdf.exe
- Size: 1.2MB
- Sample: 221003-jptf5sdhe8
- MD5: ec365631c495010c5778c61cd19548e4
- SHA1: df734a197bc608aead433daae2982cb960071c7c
- SHA256: 76e4e5a30868f044e472e3151bf5995cb972d9da5f510819c5f48a985c9b85bc
- SHA512: 9e85252f4c4d0ff10f750725315789d52584916c24c2b93664c3b8f57e5b1ebd655530afe9f835ae9eb687ea10b385f225eac99e2d51ac3e4f46fddefc1b5d48
- SSDEEP: 12288:CF8zKnvglFPBs19wRSW/rkoSggwIqr/zbntNT33yfMMGW8vbVK4HTN:k+BBnrk7jCrL7PTykFW8
Static task: static1

Behavioral task: behavioral1
- Sample: Numériserdesdocuments-pdf.exe
- Resource: win7-20220812-en

Behavioral task: behavioral2
- Sample: Numériserdesdocuments-pdf.exe
- Resource: win10v2004-20220812-en
Malware Config
- Extracted family: snakekeylogger
- Extracted exfiltration URL: https://api.telegram.org/bot5387999448:AAENk6Reb2hxJqqD2rN6fIet7kanu0isfWg/sendMessage?chat_id=1413074050
Targets
- Target: Numériserdesdocuments-pdf.exe
- Size: 1.2MB
- MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the values listed under General above
- Score: 10/10
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext