General
Target: Invoice Packing List.exe
Size: 524KB
Sample: 230508-p4mvsscd9y
MD5: ba8e82ee343944e5f003998f14307d39
SHA1: 0c142d521a55cd52435f4b65742acf7974f29abc
SHA256: 99b2648789b255b806ad8ef3e1452db4ababbf42e2cb91c94cf1d34cab808292
SHA512: f0add3c776c864824f55396300de482195556894493bc7c515021ad3dc8f10f1eb149d15b5b7e774815a9fc9c92abdab9c4804c76fbddec84191bd581602dd20
SSDEEP: 12288:N1z81PvJd8CMPUkWRTlMp9GUhb+oUezpjDi5:rzWJhegRTlKQUhbFUApj
Static task: static1
Behavioral task: behavioral1 (Sample: Invoice Packing List.exe; Resource: win7-20230220-en)
Behavioral task: behavioral2 (Sample: Invoice Packing List.exe; Resource: win10v2004-20230220-en)
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: argona.ro
Port: 26 (a non-standard SMTP port, which makes this outbound connection a useful network indicator on its own)
Username: [email protected]
Password: Argona12!@
Email To: [email protected]
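The extracted configuration above is what makes this sample detectable on the wire: credentials are exfiltrated over SMTP to argona.ro on port 26. As an added example (not part of the sandbox report), the script below turns the report's hashes and exfiltration endpoint into matching logic and runs it over a few constructed Sysmon Event ID 3 style records. The field names (Image, DestinationHostname, DestinationPort, Protocol), the SMTP port set and the allow-list of mail client images are assumptions for the example, not values from the report.

```python
"""
Added example (not part of the sandbox report): match the indicators
extracted above against a file's hashes and against constructed
Sysmon-style network events, to show how the SMTP exfiltration
configuration becomes detection logic.
"""
import hashlib
import json
import ntpath

# Indicators copied from the report above.
REPORT_HASHES = {
    "md5": "ba8e82ee343944e5f003998f14307d39",
    "sha1": "0c142d521a55cd52435f4b65742acf7974f29abc",
    "sha256": "99b2648789b255b806ad8ef3e1452db4ababbf42e2cb91c94cf1d34cab808292",
}
EXFIL_HOST = "argona.ro"
EXFIL_PORT = 26

# Assumptions (not from the report): ports that carry SMTP in most
# environments, and the only images expected to speak SMTP on a workstation.
SMTP_PORTS = {25, 26, 465, 587, 2525}
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}


def hash_sample(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of a file's bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only when every digest of `data` equals the report's value."""
    return hash_sample(data) == REPORT_HASHES


def classify_event(event: dict) -> list[str]:
    """Flag one Sysmon Event ID 3 style record.

    Field names are assumed for the example: Image, DestinationHostname,
    DestinationPort, Protocol.
    """
    flags = []
    host = (event.get("DestinationHostname") or "").lower()
    port = int(event.get("DestinationPort", 0))
    image = ntpath.basename(event.get("Image", "")).lower()
    # Direct match on the extracted exfiltration endpoint.
    if host == EXFIL_HOST:
        flags.append("exfil_host")
    if port == EXFIL_PORT and event.get("Protocol", "tcp") == "tcp":
        flags.append("exfil_port")
    # Behavioural rule: SMTP from anything that is not a mail client.
    if port in SMTP_PORTS and image not in MAIL_CLIENTS:
        flags.append("smtp_from_non_mail_client")
    return flags


def scan(lines) -> list:
    """Return (Image, flags) for every JSON line that raises a flag."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        flags = classify_event(event)
        if flags:
            hits.append((event.get("Image", ""), flags))
    return hits


# Constructed sample events (JSON lines); not captured from the sandbox run.
SAMPLE_EVENTS = """
{"Image": "C:\\\\Users\\\\victim\\\\Downloads\\\\Invoice Packing List.exe", "DestinationHostname": "argona.ro", "DestinationPort": 26, "Protocol": "tcp"}
{"Image": "C:\\\\Program Files\\\\Microsoft Office\\\\root\\\\Office16\\\\OUTLOOK.EXE", "DestinationHostname": "smtp.office365.com", "DestinationPort": 587, "Protocol": "tcp"}
{"Image": "C:\\\\Windows\\\\System32\\\\svchost.exe", "DestinationHostname": "ctldl.windowsupdate.com", "DestinationPort": 80, "Protocol": "tcp"}
""".strip().splitlines()


if __name__ == "__main__":
    for image, flags in scan(SAMPLE_EVENTS):
        print(f"{image}: {', '.join(flags)}")
```

The behavioural rule (SMTP from a non-mail-client image) is the one that survives a rebuild of the sample with a different mail server; the host and port match is precise but only good for this configuration.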
Targets
Target: Invoice Packing List.exe (size and hashes as listed under General)
- Snake Keylogger payload
- StormKitty payload
- Checks computer location settings: looks up the country code configured in the registry, most likely a geofence so the sample does not run in certain countries.
- Accesses Microsoft Outlook profiles: consistent with harvesting saved mail credentials from the victim's profile.
- Looks up external IP address via web service: queries a legitimate IP lookup service to learn the infected system's external IP address, so the lookup itself is not malicious traffic, only its pairing with the SMTP exfiltration is.
- Suspicious use of SetThreadContext: typically seen when a payload is written into a suspended process and the thread's context is pointed at the injected code (process hollowing), so the process that finally runs the payload may not be Invoice Packing List.exe.