General
Target: PO 0206201.PDF.exe
Size: 530KB
Sample: 231206-c327waad52
MD5: 60be219d2b7d424ee98fdb703935ae34
SHA1: 0e81927460a663cbe8d59a61e82b3d5b9a2cd310
SHA256: 15840d8dbdb94d787598f7dc0821cf6c1b1c337697bb7369488e2c979d8f73a3
SHA512: 695a5d750f5e7129402aa68dcb91b992b8d28aaaf287f5e6f5b932fbc714d9a05d22ea0913dd739d076020174b9a403abcf48e8ea089b7bc9e0221968b7b572d
SSDEEP: 12288:SuXQaueH5qV5wmmdhif9OdMZTpLSzR+oQXlF7Au:Su1qPcdhE8d6IsdlF
Static task: static1
Behavioral task: behavioral1
Sample: PO 0206201.PDF.exe
Resource: win7-20231023-en
Behavioral task: behavioral2
Sample: PO 0206201.PDF.exe
Resource: win10v2004-20231127-en
Malware Config
Targets
Target: PO 0206201.PDF.exe
Score: 10/10
Snake Keylogger payload
Accesses Microsoft Outlook profiles
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext