General
-
Target
RFQ-210934039200RFQ492919_pdf.rar
-
Size
257KB
-
Sample
231013-zswnnsac7t
-
MD5
93d613a1f3e8b769bb7257ece098c10d
-
SHA1
250a8298c5b8a9cef390caa7fbe5bf36fd539056
-
SHA256
246e7c8ac80daab00e7843b2be3a9ea582c5473efb37af1a5bdcc9c21e94a42f
-
SHA512
4ab60509e482fbf8d11550e2ef67584fcfa0efc566470daba7cdcadcec6b34d521b9c2561da6ec032496e94266ad2e7acb34b4bd3170cca5c9e67747bc3437f1
-
SSDEEP
6144:XCQNtP3mktVoGQwC1cO2kcqVFIcgZR+WmvEPEl/:RL3mkzoGo+kucgjVk75
Static task
static1
Behavioral task
behavioral1
Sample
xeaa.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
xeaa.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
smtp.1tcl.com - Port:
25 - Username:
[email protected] - Password:
RRa*ysS8
Targets
-
-
Target
xeaa.exe
-
Size
587KB
-
MD5
80fcd9ed15de00c8b2741fb9f23194fb
-
SHA1
d9d6055ec575d3feacdea68f8f802594fa15b062
-
SHA256
f9dc0ae354f8db63f7cf68e7bc5139a7e9f24dc16c333206269c45f7e3c4e2a9
-
SHA512
a2bccbe3c11ca2d61e164078933da927f7b604baf997fdc3e25087e193de0cdc05369cc3a6e70e87ec3c410005151e0ae25d352f1595cb01d60f35730f5c0f1b
-
SSDEEP
12288:LODphClGCx5AisTCgti4srpKC8t35dxC:LXgti4Gh8l5dxC
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-