General
-
Target
dekont01.pdf.exe
-
Size
45KB
-
Sample
231108-jttmpsfh6x
-
MD5
9fe90352b5568c0e6dfcb13b3ee42d11
-
SHA1
a401b5d5e6cbbffbef790671e2b23a12dbdf9b11
-
SHA256
a81d0416627292e99a85890bfec8ccb7cded9d59c48e106e0bd7e0970dc0e007
-
SHA512
aba5aeb0037aaa89d50ece38b8000fe4e697e7d3cbed0a86acd241afe3e8b7b0076c61f18fd57a482a21ff72d314c43b0028043393d35138a2798ccab04023ad
-
SSDEEP
768:qttX9DMsY7obZMe/H4RBtA3rs4nMWp/YI4XuMI/t6nOa6Tyo:8YUPEfA7sL9o1t6Oa/o
Static task
static1
Behavioral task
behavioral1
Sample
dekont01.pdf.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
dekont01.pdf.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot6665362842:AAG0pFaR7HRKKztCR5GZinjteZ-4ePeXCWM/sendMessage?chat_id=1467583453
Targets
-
-
Target
dekont01.pdf.exe
-
Size
45KB
-
MD5
9fe90352b5568c0e6dfcb13b3ee42d11
-
SHA1
a401b5d5e6cbbffbef790671e2b23a12dbdf9b11
-
SHA256
a81d0416627292e99a85890bfec8ccb7cded9d59c48e106e0bd7e0970dc0e007
-
SHA512
aba5aeb0037aaa89d50ece38b8000fe4e697e7d3cbed0a86acd241afe3e8b7b0076c61f18fd57a482a21ff72d314c43b0028043393d35138a2798ccab04023ad
-
SSDEEP
768:qttX9DMsY7obZMe/H4RBtA3rs4nMWp/YI4XuMI/t6nOa6Tyo:8YUPEfA7sL9o1t6Oa/o
-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-