General
Target: Invoice and Packing List.doc
Size: 11KB
Sample: 221004-admpsadbhr
MD5: 06e10f3fce4796770b76d377bd7771f6
SHA1: 1a1a8ebd2069d5eb6398d3aaca4664355d97ffb9
SHA256: 42487bd90d60cc3c61a5af0a126f8e2e4a855e680099d1a6fda96eb658645026
SHA512: 96dc85090e60d99e27362451768e12f6c661b30c7c8e4729159ffde3baee2523d662eacf76b2273b3a4ef8e5fd1df9317fcbd6e27c3df21b8abc379da883ad13
SSDEEP: 192:PUOHmYnerLSeHJx7EswiUcvaqVlHz3WbMr6TcxyUNDViT6QkfF:8OHmaenSeHJxgsdvaUHzmbM0cxyUN0du
Static task: static1
Behavioral task: behavioral1
  Sample: Invoice and Packing List.rtf
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: Invoice and Packing List.rtf
  Resource: win10v2004-20220812-en
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: cp5ua.hyperhost.ua
Port: 587
Username: [email protected]
Password: 7213575aceACE@#$
Email To: [email protected]
https://api.telegram.org/bot5321688653:AAEI2yqGrOA_-sRZ3xaqutrexraSgFa0AnA/sendMessage?chat_id=5048077662
Targets
Target: Invoice and Packing List.doc
Size: 11KB
Score: 10/10
- Snake Keylogger payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext