General
Target: 08A347B6-6FB3-4B5E-9A49-9EC1E49DF8F1.pdf.exe
Size: 531KB
Sample: 231022-h7tn7afg93
MD5: 1547a83da18ae73b5570ced53296b7d3
SHA1: d24f9c3a567142783e20869bfbb44e8e84aa657d
SHA256: da16aec5cb0b5b984a32e4ca45a32a73266ca3e6148aedee8758de7f0ba66df3
SHA512: 30c930d5caf6f0c839966694966cd2591e4f7a7a742c0fecc68e8077d25b57acb5620b0fbb6e1217c85d4f4f3840e574f6d80da9cfc298f91b78720eb88c160d
SSDEEP: 12288:K60q1vjJGGna1WWgQ94bMYDLpzSr+MtL0NVS1eLVj/tWjFB1:T0q1LJ1na1teIYHpmr+igPooNMD1
Static task: static1
Behavioral task: behavioral1 (Sample: 08A347B6-6FB3-4B5E-9A49-9EC1E49DF8F1.pdf.exe, Resource: win7-20231020-en)
Behavioral task: behavioral2 (Sample: 08A347B6-6FB3-4B5E-9A49-9EC1E49DF8F1.pdf.exe, Resource: win10v2004-20231020-en)
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.megakarsa.com
Port: 587
Username: [email protected]
Password: f1n4nc3m3g4k4Rs4
Email To: [email protected]
Targets
Target: 08A347B6-6FB3-4B5E-9A49-9EC1E49DF8F1.pdf.exe
Score: 10/10
Signatures:
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service (uses a legitimate IP lookup service to find the infected system's external IP)
- Suspicious use of SetThreadContext