General
Target: P20221003.10-03-22.pdf.exe
Size: 800KB
Sample: 221003-jptf5sfdcl
MD5: 1d6ae298785d1bf86b6f6ee0444bf2e1
SHA1: 1da339188e32284ac3ad994d0eabb8cefee51e3c
SHA256: 9cad0a5b9895504044ad8a18086d5ef9a5ad3d48d83cfbe7f216b596ed0a8716
SHA512: 6b67b82b3fa6067803c4bef7e2ff27a143f693439926bfed1c297a89fb9a43179b1dc46c6f63c3331ec3f91dd172cd04bc22231342b463ca783973b3ba4be258
SSDEEP: 12288:GK4HTN24WqmpOvD++3hRfSmAeQAm/X6CLsskQ++A:XpPQR8AmyCmQ++A
Static task: static1
Behavioral task: behavioral1
Sample: P20221003.10-03-22.pdf.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: P20221003.10-03-22.pdf.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.ckjksb.com
Port: 587
Username: jannah@ckjksb.com
Password: 123@ckjksb456
Email To: aguzziisnc@gmail.com
Targets
Target: P20221003.10-03-22.pdf.exe
Score: 10/10
Snake Keylogger payload
Accesses Microsoft Outlook profiles
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext