General
-
Target
Purchase Order No.89006993.pdf.exe
-
Size
525KB
-
Sample
230508-p47vzacd9z
-
MD5
642c03d1224483f2ba16da4a691100f7
-
SHA1
9b13434cb7918cd7189b79b1db5c06e83d1b6336
-
SHA256
b050f56ceec41d0c409065b66cf598cbaf75a565afab1b47552624e085a3a9c4
-
SHA512
ff4f0e171e39baad90a30f1ee83da18bed1e960960eca691bbd1243cb0c7839478d5216a469d3c7780b31220b4d657a5992fa02dd372a6e85dc7e9a5fbd6b1ac
-
SSDEEP
6144:7WhOS6fwOVienfQoWBzXvJLnpPiQYOi0VyJnHVf1b2ce9KjgkjePrkWCG7bSmah3:BLfWF/BB+1f1ukj6AIa+nudUjc
Static task
static1
Behavioral task
behavioral1
Sample
Purchase Order No.89006993.pdf.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Purchase Order No.89006993.pdf.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot6211421153:AAHeRHp_sRbnZsNC_iCcj1JzI0_X_zXJLFA/sendMessage?chat_id=2126102657
Targets
-
-
Target
Purchase Order No.89006993.pdf.exe
-
Size
525KB
-
MD5
642c03d1224483f2ba16da4a691100f7
-
SHA1
9b13434cb7918cd7189b79b1db5c06e83d1b6336
-
SHA256
b050f56ceec41d0c409065b66cf598cbaf75a565afab1b47552624e085a3a9c4
-
SHA512
ff4f0e171e39baad90a30f1ee83da18bed1e960960eca691bbd1243cb0c7839478d5216a469d3c7780b31220b4d657a5992fa02dd372a6e85dc7e9a5fbd6b1ac
-
SSDEEP
6144:7WhOS6fwOVienfQoWBzXvJLnpPiQYOi0VyJnHVf1b2ce9KjgkjePrkWCG7bSmah3:BLfWF/BB+1f1ukj6AIa+nudUjc
-
Snake Keylogger payload
-
StormKitty payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-