General
- Target: 08A347B6-6FB3-4B5E-9A49-9EC1E49DF8F1.pdf.exe
- Size: 610KB
- Sample: 231011-x7f6esgg8z
- MD5: 5636aab70daf85f7578b60fb7e504c6b
- SHA1: bb65bdf417bce4de922db81a6e99d509a1990236
- SHA256: 8fdfe5bcc7f4ae9810621398a1a46fcf84e93c71c2c841b3c2d8463e9627982f
- SHA512: e7ed6698c7415c962bcb0c3e1f677e438a8e16c4794cc9cd412a8d6f2631c6324c18020ce23db473f281e45f5f9143e3d13cf8612f2ddbf8e14af3316dbe6a7f
- SSDEEP: 12288:ecX9Kn46dkpV8SFZL+B0j6SHPn2WhqoK9:ectY4x8SFIB45/2Tb
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 08A347B6-6FB3-4B5E-9A49-9EC1E49DF8F1.pdf.exe
  - Resource: win7-20230831-en
Behavioral task
- behavioral2
  - Sample: 08A347B6-6FB3-4B5E-9A49-9EC1E49DF8F1.pdf.exe
  - Resource: win10v2004-20230915-en
Malware Config
Extracted: snakekeylogger
- Protocol: smtp
- Host: mail.megakarsa.com
- Port: 587
- Username: [email protected]
- Password: f1n4nc3m3g4k4Rs4
- Email To: [email protected]
Targets
- Target: 08A347B6-6FB3-4B5E-9A49-9EC1E49DF8F1.pdf.exe
- Size: 610KB
- MD5: 5636aab70daf85f7578b60fb7e504c6b
- SHA1: bb65bdf417bce4de922db81a6e99d509a1990236
- SHA256: 8fdfe5bcc7f4ae9810621398a1a46fcf84e93c71c2c841b3c2d8463e9627982f
- SHA512: e7ed6698c7415c962bcb0c3e1f677e438a8e16c4794cc9cd412a8d6f2631c6324c18020ce23db473f281e45f5f9143e3d13cf8612f2ddbf8e14af3316dbe6a7f
- SSDEEP: 12288:ecX9Kn46dkpV8SFZL+B0j6SHPn2WhqoK9:ectY4x8SFIB45/2Tb
Score: 10/10
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext