General
-
Target
NEW890019928200019119882829-PDF.exe
-
Size
387KB
-
Sample
221123-zqzmjsgf2x
-
MD5
abba6f3a66795534c78e8f4a9240affe
-
SHA1
732c300ac93704f194ac403009ffb9034f5e1957
-
SHA256
66242b095b2cfb53b52d1743a42aaa9fd94c6b53f58869c4b1c9d893a541e3a6
-
SHA512
4d50f9be5418a5babf01ecc2d52b7322883700d26455243e912a3a06b496cdfeb1b8bb5a6036cfd8baa6668012b2869c04ba946936fe4f5958179e4cf266044a
-
SSDEEP
12288:PQXbWUIehwKt8+QBDGVdKOGFXMwBSVyppZ1o:4LauwKtTQBDGVdKOGFzYVD
Static task
static1
Behavioral task
behavioral1
Sample
NEW890019928200019119882829-PDF.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
NEW890019928200019119882829-PDF.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
Target
NEW890019928200019119882829-PDF.exe
-
Score
10/10
-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-