General
-
Target
Product List.pdf.exe
-
Size
576KB
-
Sample
231130-aagdlaea44
-
MD5
4c1a56d4207ddd17311e364e37e43810
-
SHA1
0f6ad26e113f7376cfd9238b66ff8060f9b2fc18
-
SHA256
73758a3624c991066120f87112ac24abdb8fb0944718281f8ebd658f178133fe
-
SHA512
e9d6608b765989aa8ac5554cfb1c2ec4c0bd2c4f560052288b7f89cbc212f3770c6d62f6520d31d21f82500358a883cf7c4bbf8547f6b6325edbf00a8288fd2d
-
SSDEEP
12288:1nCCCCCCC8CpCPCCsCCwcopox4M0JYx4EnJm/+kjqu6UcvkSM2AuPdobflnqSBj:tCCCCCCC8CpCPCCsCCbefJw4sE/+TTMH
Static task
static1
Behavioral task
behavioral1
Sample
Product List.pdf.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
Product List.pdf.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.belt-tech.com.my - Port:
587 - Username:
[email protected] - Password:
Beltechpg@1234 - Email To:
[email protected]
Targets
-
-
Target
Product List.pdf.exe
-
Size
576KB
-
MD5
4c1a56d4207ddd17311e364e37e43810
-
SHA1
0f6ad26e113f7376cfd9238b66ff8060f9b2fc18
-
SHA256
73758a3624c991066120f87112ac24abdb8fb0944718281f8ebd658f178133fe
-
SHA512
e9d6608b765989aa8ac5554cfb1c2ec4c0bd2c4f560052288b7f89cbc212f3770c6d62f6520d31d21f82500358a883cf7c4bbf8547f6b6325edbf00a8288fd2d
-
SSDEEP
12288:1nCCCCCCC8CpCPCCsCCwcopox4M0JYx4EnJm/+kjqu6UcvkSM2AuPdobflnqSBj:tCCCCCCC8CpCPCCsCCbefJw4sE/+TTMH
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-