General
-
Target
invoice.pdf.tar
-
Size
530KB
-
Sample
221003-pvzs1afhak
-
MD5
7d5d0a61c06b0a6a6131dc6b65df0922
-
SHA1
7c242a41f9d44ee818b3057069b57ff45e0cbfb1
-
SHA256
de5524e002602c85af56f521a4a2603eeda26a07b0d756e1bbf782af46894915
-
SHA512
ccdefc5306d36fc40b0e74fbceb2a39f14c8ca73b584c77ec14f9ff5641e9b6589ce2491349eaef2b13bdf6536548a2d24d08873366a6609a6e9cba201bc8bac
-
SSDEEP
12288:AL2aOYbjckOPCSl2cnhP3fDQxacRx2u5fT4O1vL:GOYbjcgSlXhP3fDqPRxB5fTT
Static task
static1
Behavioral task
behavioral1
Sample
invoice.pdf.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
invoice.pdf.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.stilltech.ro - Port:
587 - Username:
office@stilltech.ro - Password:
eurobit555ro - Email To:
graceunlimited153@gmail.com
Targets
-
-
Target
invoice.pdf.exe
-
Size
904KB
-
MD5
96b5c612ab633e40acfe55268a05349f
-
SHA1
11ebc1a85ebced104266fd937157ce9dfeba9c2f
-
SHA256
cb2a2ca9c34ed19856b974b65ad163f37e49ab1cbe1471a5eec1db18a6b9c722
-
SHA512
8d7764df70fcd0d81f222071233e67b1d5e8179e00272a04bd1132feec0f5ba371e84a913132816539a0880383b71d0809b2c9e01dc50b6029022f80fb2606f0
-
SSDEEP
12288:b1Biym+qudxekIztQTgAeHwZFx0feIBHRn+KCGzhK4HTN:5BO+qowv0TZOfPHLp
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-