General
-
Target
987654345789098765.PDF..0987PDF..exe
-
Size
556KB
-
Sample
231101-g6mc2sbe7t
-
MD5
e1fb2289b6f908395174f732fc2adca8
-
SHA1
fde24804f26d70c28219c12615be96d544beda1c
-
SHA256
00308ca925c73beec6b8c62befd7da021f911f3ad7edc64bd90d9f3a85c766bd
-
SHA512
0fe82e407738e7742b4162984bf3ebde351a08dea8d607c356247ee27dfbbba3432bc390eb96a4ff7331f935f28701923744779db31edbf8e3e2b62a3631943f
-
SSDEEP
12288:OXPZ4X2yOhtAH+4KL9EqmD3iD0/yAcGlG3z4O7Wm75:Jom+4K5EHiA/y//zHS65
Static task
static1
Behavioral task
behavioral1
Sample
987654345789098765.PDF..0987PDF..exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
987654345789098765.PDF..0987PDF..exe
Resource
win10v2004-20231020-en
Malware Config
Extracted
Protocol: smtp
Host: mail.sienkakupeste.com
Port: 587
Username: [email protected]
Password: 010203sienka++
Extracted
snakekeylogger
Protocol: smtp
Host: mail.sienkakupeste.com
Port: 587
Username: [email protected]
Password: 010203sienka++
Email To: [email protected]
Targets
-
-
Target
987654345789098765.PDF..0987PDF..exe
-
Score
10/10
-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-