General
Target: ekstre.pdf.exe
Size: 973KB
Sample: 230605-gj57msfa64
MD5: 8f5b7d816bf02f0b212490cd37964d68
SHA1: 27dbabd4a24a7aba91cfbf9c3bbc8547274b629a
SHA256: cb7556e08e424f6f324f59d32d473d3ce8efbd462f2b8f7448e4832ffefd7bf7
SHA512: 75c6e1cdd1f30bad18ef70cc0eb39277e648dcacefedf40ed2d8143c365a4d82d8b336ba117f4060406017666faae428dca68ee4d3116075be454043e13f6b5b
SSDEEP: 12288:m/ay9LAd0YKC902ncOXYeWvius6IEkmqxy:xl9j3XJYnsLmMy
Static task: static1
Behavioral task: behavioral1 (sample: ekstre.pdf.exe; resource: win7-20230220-en)
Behavioral task: behavioral2 (sample: ekstre.pdf.exe; resource: win10v2004-20230220-en)
Malware Config
Extracted family: snakekeylogger
Exfiltration endpoint (Telegram Bot API): https://api.telegram.org/bot5990689485:AAF2-uAQqkGmyMf-HkQ_5G1q8B9Ce_oT6o0/sendMessage?chat_id=5726609491
Targets
Target: ekstre.pdf.exe (973KB; hashes as listed under General above)
Score: 10/10
Signatures:
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext