General
Target
119.H36.029-Takim Conta-29-11-2023.pdf.exe
Size
577KB
Sample
231130-hpjfhaha21
MD5
009a10fd65c1d1a0381878eed34e0788
SHA1
b955284c838741c89f96bdc40b0f5d06ff7106ce
SHA256
126f126044e4b0e1c30955f9ec9f1f7a72956af7ff274e7533575e11e78272db
SHA512
eff107b6c3f1e6e04114473186c5312252c375cda59dc30e3fa757d755c91abc90d5e16c91bc3d1c8b652744fa08cab4054a922ef020bd5253e1a4b9f9a61e78
SSDEEP
12288:f6copox4KSdWdblH9xrN+IW2+iaYke6G:pe5d+bl9hN+CBN1
Static task
static1
Behavioral task
behavioral1
Sample
119.H36.029-Takim Conta-29-11-2023.pdf.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
119.H36.029-Takim Conta-29-11-2023.pdf.exe
Resource
win10v2004-20231127-en
Malware Config
Targets
Target
119.H36.029-Takim Conta-29-11-2023.pdf.exe
Score
10/10
Snake Keylogger payload
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext