General
-
Target
Factura_231148 pdf.exe
-
Size
574KB
-
Sample
230721-gh17ascb78
-
MD5
beed5338f8123aabbcece5bbd78df8ab
-
SHA1
03835af11104c6a808a0ce579ee70a2c7708ac95
-
SHA256
d69bc8ffc72d96bb22010de1922d88a55c184962abed3dd9f409111ca083cfaf
-
SHA512
82dbb764a9d813039c1bb19ff4adc294d431fcd082c8ee39d052b152b06e285fbf3fb1bf762560d83f16d53c531430fc34ece05191f0aa73fc304aa83caff8c6
-
SSDEEP
12288:aS6ln+flo/XciMvJdRMmFZa4aI6aA93pPJUgJiIYK2YNHn:vTdCjEJLfkVIapPvJi+pp
Static task
static1
Behavioral task
behavioral1
Sample
Factura_231148 pdf.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
Factura_231148 pdf.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.qbangra.com - Port:
587 - Username:
[email protected] - Password:
QBangra2020 - Email To:
[email protected]
Targets
-
-
Target
Factura_231148 pdf.exe
-
Size
574KB
-
MD5
beed5338f8123aabbcece5bbd78df8ab
-
SHA1
03835af11104c6a808a0ce579ee70a2c7708ac95
-
SHA256
d69bc8ffc72d96bb22010de1922d88a55c184962abed3dd9f409111ca083cfaf
-
SHA512
82dbb764a9d813039c1bb19ff4adc294d431fcd082c8ee39d052b152b06e285fbf3fb1bf762560d83f16d53c531430fc34ece05191f0aa73fc304aa83caff8c6
-
SSDEEP
12288:aS6ln+flo/XciMvJdRMmFZa4aI6aA93pPJUgJiIYK2YNHn:vTdCjEJLfkVIapPvJi+pp
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-