General
-
Target
TBN PDA quotation for discharging cement_pdf.exe
-
Size
1.0MB
-
Sample
231006-v9jm8agg84
-
MD5
b74a162efe4f52f43cc67d126c2f8d77
-
SHA1
f01917d3ac9397cf878d389b34da3d738894b627
-
SHA256
2bc4b7908e49fb1b4bcee9fd51702a318423945423b88ce55dd28ef949e2ed27
-
SHA512
446efc78726d511c79daae46449c19e96aefddeb1d08914f4e207b28377837a004bf0b87b46025a18845704af613651e273485d356e5e646946a92af711831f8
-
SSDEEP
24576:q1ChsCThcQJJTrYJlLs+vjKBUbgh5jBcxG:qwyClcOJTEJNgVFc
Static task
static1
Behavioral task
behavioral1
Sample
TBN PDA quotation for discharging cement_pdf.exe
Resource
win10-20230915-en
Behavioral task
behavioral2
Sample
TBN PDA quotation for discharging cement_pdf.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.eversafe.pt - Port:
587 - Username:
[email protected] - Password:
Ev3rsaf3_2021 - Email To:
[email protected]
Targets
-
-
Target
TBN PDA quotation for discharging cement_pdf.exe
-
Size
1.0MB
-
MD5
b74a162efe4f52f43cc67d126c2f8d77
-
SHA1
f01917d3ac9397cf878d389b34da3d738894b627
-
SHA256
2bc4b7908e49fb1b4bcee9fd51702a318423945423b88ce55dd28ef949e2ed27
-
SHA512
446efc78726d511c79daae46449c19e96aefddeb1d08914f4e207b28377837a004bf0b87b46025a18845704af613651e273485d356e5e646946a92af711831f8
-
SSDEEP
24576:q1ChsCThcQJJTrYJlLs+vjKBUbgh5jBcxG:qwyClcOJTEJNgVFc
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-