General
-
Target
Swift copy.pdf.exe
-
Size
966KB
-
Sample
221003-qnc64ahbcn
-
MD5
1afdb088b33627b9abeb74f58832469a
-
SHA1
8053a66a53d4b1a02bd1fe84e94fa5521a013e1e
-
SHA256
9559b033b86a453e358c4d4aa01dc753e302832d0f42e86ddf6a9f39ef3b92c9
-
SHA512
a1de2d92813b21babee077f23057ca2f9e9b39a979330af9955eafad99598b7ef530c18540c4c7ee1d84d23e89dc27ee701218d306f6bee15d6cefdabf0754bb
-
SSDEEP
12288:m1qf32iNKK4HTNACsoD9BjoZrUyknYlG2d3t4MX:m8f31ZJoDMZrUvYlG2t4M
Static task
static1
Behavioral task
behavioral1
Sample
Swift copy.pdf.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
Swift copy.pdf.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.ckjksb.com - Port:
587 - Username:
jannah@ckjksb.com - Password:
123@ckjksb456 - Email To:
aguzziisnc@gmail.com
Targets
-
-
Target
Swift copy.pdf.exe
-
Size
966KB
-
MD5
1afdb088b33627b9abeb74f58832469a
-
SHA1
8053a66a53d4b1a02bd1fe84e94fa5521a013e1e
-
SHA256
9559b033b86a453e358c4d4aa01dc753e302832d0f42e86ddf6a9f39ef3b92c9
-
SHA512
a1de2d92813b21babee077f23057ca2f9e9b39a979330af9955eafad99598b7ef530c18540c4c7ee1d84d23e89dc27ee701218d306f6bee15d6cefdabf0754bb
-
SSDEEP
12288:m1qf32iNKK4HTNACsoD9BjoZrUyknYlG2d3t4MX:m8f31ZJoDMZrUvYlG2t4M
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-