General
- Target: 854F1E97-5BDD-4A87-A566-33B9012D08E2 pdf.exe
- Size: 662KB
- Sample: 230807-qjcprsfd72
- MD5: c117d5b5834bd2624b405d473c86a963
- SHA1: 927d62af4996de5729869bc50b571e2a8cc5fff0
- SHA256: 19663c25e9873f288152b6a990f0e1d315b7d076d4c62d1d184961d7232f94e5
- SHA512: f7088bc086487ece04f67b64010135dff5a6570b66746312bff58220b81ec313a827500b83fd275217df18e3763afe3aa6bf7b6d661932d5f99c013581c9433e
- SSDEEP: 12288:8ep7sHEkolwsdvh82e1suhPTg40xjl6l2GRwLfQ9c:aZovhdDA8jxjl6RnS
- Static task: static1
- Behavioral task: behavioral1 (Sample: 854F1E97-5BDD-4A87-A566-33B9012D08E2 pdf.exe; Resource: win7-20230712-en)
- Behavioral task: behavioral2 (Sample: 854F1E97-5BDD-4A87-A566-33B9012D08E2 pdf.exe; Resource: win10v2004-20230703-en)
Malware Config
- Extracted: snakekeylogger
- https://api.telegram.org/bot6400401861:AAHzywDQVA6oWh8Aa9-h_qQEJJmgrfSwFvM/sendMessage?chat_id=1467583453
Targets
- Target: 854F1E97-5BDD-4A87-A566-33B9012D08E2 pdf.exe
- Score: 10/10
- Snake Keylogger payload
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext