General
-
Target
P.O 3805.PDF.z
-
Size
494KB
-
Sample
230609-xwwrqsda93
-
MD5
7fca74aa3d889f511284042cd24ae33e
-
SHA1
08495d3af654659a8ac64d8b162bad4a64cbd470
-
SHA256
e89dcb9021fc349ad0a05bfdb6ebcdddb405d8f172aaa8f399f8ec0ab9c99d58
-
SHA512
fec61a46c0e9293628bf2a1c6ee8088b5cc4d05ddd514c53feb10ce070b9cd915aebef6883393fa5f90644dca6905a290da4123c5ca82d22f8576cbe9f8751cb
-
SSDEEP
12288:suiCWwNBt6DLGPUFXWc4jvtKjUBvlQl2ZQWJ:su4wNBt6DLGSWOjpPWJ
Static task
static1
Behavioral task
behavioral1
Sample
P.O 3805.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
P.O 3805.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
Protocol: smtp- Host:
siamtmc.com - Port:
587 - Username:
sompong@siamtmc.com - Password:
s0mp0ng06
Extracted
snakekeylogger
Protocol: smtp- Host:
siamtmc.com - Port:
587 - Username:
sompong@siamtmc.com - Password:
s0mp0ng06 - Email To:
rufat@nep-az.com
Targets
-
-
Target
P.O 3805.exe
-
Size
820KB
-
MD5
15acff30d0935be4d601433d66db1734
-
SHA1
3f115bfb24158a31b475b4fa314c8a7ec476ab32
-
SHA256
3aba02f8b1e468adf8164eb3932c56bf1082cad0f3c94a9b315e51ced8526669
-
SHA512
bea047c63a4cdf85eebfb80cda7fb6f028f489053d4b2ad5ad88f7bc75d11641a9c454469d4f0b61a056ef3ad229e0a87b3a55d5d68fbc0706ddd68d076a9f4e
-
SSDEEP
6144:kECzU9V2fTa7sH/T1pJthdc31GlS/oZ/6fZUcHpVDDMhn6TFh/Dn3R4EVm8LMGsW:/aI31GeueJDMMFhjRxMGrd2UswtN3a
Score10/10-
Snake Keylogger payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-