General

  • Target: Product List.pdf.exe
  • Size: 576KB
  • Sample: 231130-hn7rpsha2v
  • MD5: 4c1a56d4207ddd17311e364e37e43810
  • SHA1: 0f6ad26e113f7376cfd9238b66ff8060f9b2fc18
  • SHA256: 73758a3624c991066120f87112ac24abdb8fb0944718281f8ebd658f178133fe
  • SHA512: e9d6608b765989aa8ac5554cfb1c2ec4c0bd2c4f560052288b7f89cbc212f3770c6d62f6520d31d21f82500358a883cf7c4bbf8547f6b6325edbf00a8288fd2d
  • SSDEEP: 12288:1nCCCCCCC8CpCPCCsCCwcopox4M0JYx4EnJm/+kjqu6UcvkSM2AuPdobflnqSBj:tCCCCCCC8CpCPCCsCCbefJw4sE/+TTMH

Malware Config

Extracted

Family

snakekeylogger

Credentials

Targets

    • Target: Product List.pdf.exe
    • Size: 576KB
    • MD5: 4c1a56d4207ddd17311e364e37e43810
    • SHA1: 0f6ad26e113f7376cfd9238b66ff8060f9b2fc18
    • SHA256: 73758a3624c991066120f87112ac24abdb8fb0944718281f8ebd658f178133fe
    • SHA512: e9d6608b765989aa8ac5554cfb1c2ec4c0bd2c4f560052288b7f89cbc212f3770c6d62f6520d31d21f82500358a883cf7c4bbf8547f6b6325edbf00a8288fd2d
    • SSDEEP: 12288:1nCCCCCCC8CpCPCCsCCwcopox4M0JYx4EnJm/+kjqu6UcvkSM2AuPdobflnqSBj:tCCCCCCC8CpCPCCsCCbefJw4sE/+TTMH

    • Snake Keylogger
      Keylogger and infostealer first seen in November 2020.
    • Snake Keylogger payload
    • Accesses Microsoft Outlook profiles
    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks