General
-
Target
Musterino_96930826_Ekno_1_202311146214813_ekstre.pdf.exe
-
Size
826KB
-
Sample
231126-vb9rraae59
-
MD5
a25ba7095b79a87bedb01b874045470a
-
SHA1
4ccf21195e4242b9c35675ace7f27122eb88883f
-
SHA256
89c4d34808b79effab30b96880fabab56c4d53bfc77d51a1ee2f389340a5e4c3
-
SHA512
fc6ac7199da4c5986f31fb623fb6138aee4f9c3fbdf33dd9e74918a67508ae0dba3c439e5ac33f3794ed708de71a75d76a2dbb0f67c1f2bd58d102e08fff34db
-
SSDEEP
12288:OBa/mFiTEJ0+0OR8FCkotcyVItk4CZX0U6TWU5LDhi87dQuIAgNtNMZf5xnIKqS3:6IOXqr7dw1kEKq3ryoomBhS
Static task
static1
Behavioral task
behavioral1
Sample
Musterino_96930826_Ekno_1_202311146214813_ekstre.pdf.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
Musterino_96930826_Ekno_1_202311146214813_ekstre.pdf.exe
Resource
win10v2004-20231020-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot6735527834:AAH3PffzMarE3Ys8tyS4SQ0IBXrHFKmsmnQ/sendMessage?chat_id=6692536703
Targets
-
-
Target
Musterino_96930826_Ekno_1_202311146214813_ekstre.pdf.exe
-
Size
826KB
-
MD5
a25ba7095b79a87bedb01b874045470a
-
SHA1
4ccf21195e4242b9c35675ace7f27122eb88883f
-
SHA256
89c4d34808b79effab30b96880fabab56c4d53bfc77d51a1ee2f389340a5e4c3
-
SHA512
fc6ac7199da4c5986f31fb623fb6138aee4f9c3fbdf33dd9e74918a67508ae0dba3c439e5ac33f3794ed708de71a75d76a2dbb0f67c1f2bd58d102e08fff34db
-
SSDEEP
12288:OBa/mFiTEJ0+0OR8FCkotcyVItk4CZX0U6TWU5LDhi87dQuIAgNtNMZf5xnIKqS3:6IOXqr7dw1kEKq3ryoomBhS
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-