General
-
Target
Swift Copy#45362.pdf
-
Size
1.9MB
-
Sample
221129-mbzyjsch8x
-
MD5
224683fc01187cb3aa3cc0d9d355783d
-
SHA1
280160a249a71e812d47b589121483e35be74562
-
SHA256
3bfa6f5d089ba31cc497052c84fd300a94d2a995a715f6efb28be19f9a88fd7b
-
SHA512
84ae1b4a25d6c242d1a699caafd1d947dcb5a156782e20262fbb6808e32e3db389317dd2ec962b8c94844df3be5882bae305883145726c1d3813e72e480937be
-
SSDEEP
49152:oWALMAuRY8EuEqT/cX34Rl5ajr6POMJ/g7XBG:hFEdnOjVJ4VG
Static task
static1
Behavioral task
behavioral1
Sample
Swift Copy#45362.pdf
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
Swift Copy#45362.pdf
Resource
win10v2004-20220901-en
Malware Config
Targets
-
-
Target
Swift Copy#45362.pdf
-
Snake Keylogger payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-