General
Target: Product.doc
Size: 12KB
Sample: 221003-jspx5afeen
MD5: b71c27461a268a9924bc9023e6d8c9c7
SHA1: 41b4173e0f0b113652f21e17f6d244018d306dd7
SHA256: db29b5d2b424eaaa74615c5b004715afae1547951cb833b304a47bf170b568fc
SHA512: b1365044162d6acebf63d4b731a317d875a8df97df19ba9c00ab90151f81cd1cffad7810c81b682ed0ea446a12ce0c2d957ec3526d37725fc39205e83dfa8e11
SSDEEP: 384:HzAeucAd764jm3e+F+HU0k4Seb5WoBX2LO1PRqYdjQ:TAeucaHAFkUiVX2SJRhdM
Static task: static1
Behavioral task: behavioral1
Sample: Product.rtf
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: Product.rtf
Resource: win10v2004-20220812-en
(The submitted Product.doc was run as Product.rtf in both behavioral tasks, i.e. the sandbox identified the file as RTF content carrying a .doc extension.)
Malware Config
Extracted
Family: snakekeylogger
Protocol: smtp
Host: cp5ua.hyperhost.ua
Port: 587
Username: arinzelog@steuler-kch.org
Password: 7213575aceACE@#$
Email To: arinze@steuler-kch.org
Telegram: https://api.telegram.org/bot5321688653:AAEI2yqGrOA_-sRZ3xaqutrexraSgFa0AnA/sendMessage?chat_id=5048077662
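The extracted configuration above is the actionable part of this report: an SMTP exfiltration account and a Telegram bot endpoint. The following is an added example (not code from the sandbox or the report) that parses that configuration into structured IOCs, splits the Telegram URL into bot ID, token and chat ID, verifies a file against the listed hashes, and emits Suricata rules for the exfil endpoints. The config text is a constructed copy of the report's lines; the rule SIDs and the bytes passed to the hash check are placeholders.

```python
"""Turn a sandbox report's extracted Snake Keylogger config and file hashes
into structured IOCs, a hash check and Suricata rules. Added example; the
config text is copied from the report, SIDs and sample bytes are placeholders."""
import hashlib
import re
from urllib.parse import parse_qs, urlparse

# Constructed copy of the report's "Extracted" block, one field per line.
EXTRACTED_CONFIG = """\
Protocol: smtp
Host: cp5ua.hyperhost.ua
Port: 587
Username: arinzelog@steuler-kch.org
Password: 7213575aceACE@#$
Email To: arinze@steuler-kch.org
https://api.telegram.org/bot5321688653:AAEI2yqGrOA_-sRZ3xaqutrexraSgFa0AnA/sendMessage?chat_id=5048077662
"""

# Hashes the report lists for Product.doc.
REPORT_HASHES = {
    "md5": "b71c27461a268a9924bc9023e6d8c9c7",
    "sha1": "41b4173e0f0b113652f21e17f6d244018d306dd7",
    "sha256": "db29b5d2b424eaaa74615c5b004715afae1547951cb833b304a47bf170b568fc",
    "sha512": "b1365044162d6acebf63d4b731a317d875a8df97df19ba9c00ab90151f81cd1cf"
              "fad7810c81b682ed0ea446a12ce0c2d957ec3526d37725fc39205e83dfa8e11",
}

# Telegram bot API URL: /bot<bot_id>:<token>/<method>?chat_id=<chat>
TELEGRAM_RE = re.compile(r"^https://api\.telegram\.org/bot(\d+):([A-Za-z0-9_-]+)/(\w+)")


def parse_config(text):
    """Parse 'Key: value' lines and bare Telegram URLs into an IOC dict."""
    iocs = {"smtp": {}, "telegram": None}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = TELEGRAM_RE.match(line)
        if m:
            query = parse_qs(urlparse(line).query)
            iocs["telegram"] = {
                "bot_id": m.group(1),
                "token": m.group(2),
                "method": m.group(3),
                "chat_id": query.get("chat_id", [None])[0],
            }
            continue
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key = key.strip().lower().replace(" ", "_")
        value = value.strip()
        iocs["smtp"][key] = int(value) if key == "port" and value.isdigit() else value
    return iocs


HASH_ALGOS = ("md5", "sha1", "sha256", "sha512")


def compute_hashes(data):
    """Hash a file's bytes with every algorithm the report lists."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in HASH_ALGOS}


def verify_hashes(data, expected):
    """Per-algorithm match result; any False means this is not the reported file."""
    actual = compute_hashes(data)
    return {algo: actual[algo] == expected[algo].lower() for algo in expected}


def suricata_rules(iocs, base_sid=9000001):
    """DNS rule for the SMTP exfil host and a TLS-SNI hunt rule for Telegram.
    The SMTP session itself runs over STARTTLS on 587, so the credentials are
    not visible on the wire; the DNS lookup and the SNI are what remain."""
    rules = []
    host = iocs["smtp"].get("host")
    if host:
        rules.append(
            f'alert dns any any -> any any (msg:"Snake Keylogger SMTP exfil host '
            f'lookup {host}"; dns.query; content:"{host}"; nocase; sid:{base_sid}; rev:1;)'
        )
    if iocs["telegram"]:
        rules.append(
            'alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"Hunt: Telegram bot API '
            'from workstation (Snake Keylogger exfil channel)"; tls.sni; '
            f'content:"api.telegram.org"; nocase; sid:{base_sid + 1}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    iocs = parse_config(EXTRACTED_CONFIG)
    print(iocs)
    print(verify_hashes(b"placeholder bytes, not the sample", REPORT_HASHES))
    print("\n".join(suricata_rules(iocs)))
```

The Telegram rule is labelled a hunt rule on purpose: api.telegram.org is a legitimate service, so the signal is a workstation that has no business reaching it, not the domain itself. The bot ID and token are better used to revoke the bot via Telegram's abuse process and to pivot on other samples than as network content matches, since the path is inside TLS.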
Targets
Target: Product.doc (12KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values in the General section above)
Score: 10/10
- Snake Keylogger payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext (the API used in process hollowing to redirect a suspended process's main thread into injected code)