General
Target: Invoice.pdf.exe
Size: 801KB
Sample: 221003-jptf5sfdcj
MD5: 0ac8dc57afaa12f8955181cc440f7ba0
SHA1: 62d76547c347a9055345dea624e8470c0c4ed418
SHA256: f5ab7866190abc14eddca1da11101e7f76ff08abce7c73350f15fd6f5ceda77a
SHA512: fb8f23bed536a0d5b1dd25060ccfabea7eaefcb7c1913b40a11e525bf06b3d20992c77916a43501f812ca2f04d68fd130e04c17aa19820e332e2f1098128c20b
SSDEEP: 6144:3pCJwYYJJD5GZ1E+nIIL6O4jUXypxhgRSHehXI2hz7YWwV0CUPNgqede3sMhOG3B:55KGOIUzRhXI2hgrnUpCe3NrnK4HTN
Static task: static1
Behavioral task: behavioral1 (Sample: Invoice.pdf.exe, Resource: win7-20220812-en)
Behavioral task: behavioral2 (Sample: Invoice.pdf.exe, Resource: win10v2004-20220812-en)
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.stilltech.ro
Port: 587
Username: office@stilltech.ro
Password: eurobit555ro
Email To: graceunlimited153@gmail.com
Targets
Target: Invoice.pdf.exe (size, hashes and SSDEEP identical to the General section above)
Score: 10/10
Signatures:
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext