General
-
Target
Profoma Invoice.exe
-
Size
573KB
-
Sample
230721-gjk7gacb84
-
MD5
32066cad8da6902c0310d21a62b94357
-
SHA1
d43059b280e581062b560888e0dc8e8ff1169453
-
SHA256
f971bcac3dd8bf23d93da9098047772d5326366cd28dfea957acb7f7703dbde3
-
SHA512
7a1ded686a891f1084b8939e42b8f11dae914c89e4b762868bdfcc86d28d0955a461a8024b4cdd3ae2bee917dc648d4dc4c70a53f4f8c5393d33ca8cb4f1626d
-
SSDEEP
12288:mS6ln+flo/XciMvy3symu3sSTbaGcVpf4uyu4OJnliyFu:bTdCjEyPmu8SCGcVp4DKnwd
Static task
static1
Behavioral task
behavioral1
Sample
Profoma Invoice.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
Profoma Invoice.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
webmail.satnet.net - Port:
587 - Username:
[email protected] - Password:
reve1563
Targets
-
-
Target
Profoma Invoice.exe
-
Size
573KB
-
MD5
32066cad8da6902c0310d21a62b94357
-
SHA1
d43059b280e581062b560888e0dc8e8ff1169453
-
SHA256
f971bcac3dd8bf23d93da9098047772d5326366cd28dfea957acb7f7703dbde3
-
SHA512
7a1ded686a891f1084b8939e42b8f11dae914c89e4b762868bdfcc86d28d0955a461a8024b4cdd3ae2bee917dc648d4dc4c70a53f4f8c5393d33ca8cb4f1626d
-
SSDEEP
12288:mS6ln+flo/XciMvy3symu3sSTbaGcVpf4uyu4OJnliyFu:bTdCjEyPmu8SCGcVp4DKnwd
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-