General
Target: purchase order.pdf.z.exe
Size: 574KB
Sample: 230721-gjk7gacb79
MD5: 46ffb2ad4f371112f97e4cd4e3ce0a20
SHA1: 7417d39508785f418a6842793d161923355fd2d8
SHA256: 1ac4313c22a4b7098e5a93a662554c23d0c2fc1fc4b7e5a6951b69d4f95e799b
SHA512: b4112df17f80d62d920043a83130e4e1e9a143daa26de26b613d44bf218be892d1659218e2c1b6aef1699cd6bb07887eb33d40283b1460a79d0fd33d41ad8f66
SSDEEP: 12288:HS6ln+flo/XciMv26Imbb9AeBcJWlnXGGPixW04Q2UL6qd2WaIgn6LE4:yTdCjECmbRAKcsgXjPax6LE4
Static task: static1
Behavioral task: behavioral1
  Sample: purchase order.pdf.z.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: purchase order.pdf.z.exe
  Resource: win10v2004-20230703-en
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.kovarviajes.com
Port: 587
Username: [email protected]
Password: P4tt1kr
Targets
Target: purchase order.pdf.z.exe
Score: 10/10
Signatures:
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext