General
-
Target
invoice.pdf.z.exe
-
Size
624KB
-
Sample
230721-gh17asch2t
-
MD5
81b9b82b55d384d8812d7a92cc0092b2
-
SHA1
5edf5cd9b5ad2a6c1eb8c8ec493eb881e12225d4
-
SHA256
62b09bf1931ef9545b10b0bae3eb45a9896fec6add45690ddf95074378e71528
-
SHA512
4b483f7c0841257d6a002dbaa74c2c4a5ee20c06cea2804415b04424032f59e2de46410435917670b5d951559a043a29bf796dda189f0f14e814e011cc086208
-
SSDEEP
12288:lWc/bUYIsYolnn4ZgILMRP5M2QGEG1AhjfXFDznQSR/hZHPv+:QiXrYoJ4ZfLWPeGp+pf9nXHxv
Static task
static1
Behavioral task
behavioral1
Sample
invoice.pdf.z.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
invoice.pdf.z.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.kovarviajes.com - Port:
587 - Username:
[email protected] - Password:
P4tt1kr
Targets
-
-
Target
invoice.pdf.z.exe
-
Size
624KB
-
MD5
81b9b82b55d384d8812d7a92cc0092b2
-
SHA1
5edf5cd9b5ad2a6c1eb8c8ec493eb881e12225d4
-
SHA256
62b09bf1931ef9545b10b0bae3eb45a9896fec6add45690ddf95074378e71528
-
SHA512
4b483f7c0841257d6a002dbaa74c2c4a5ee20c06cea2804415b04424032f59e2de46410435917670b5d951559a043a29bf796dda189f0f14e814e011cc086208
-
SSDEEP
12288:lWc/bUYIsYolnn4ZgILMRP5M2QGEG1AhjfXFDznQSR/hZHPv+:QiXrYoJ4ZfLWPeGp+pf9nXHxv
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-