General
- Target: order pdf.exe
- Size: 491KB
- Sample: 240508-jfx3zahf3w
- MD5: 1aa85e7264a5b41dea1dc1347c21c6e4
- SHA1: 0673529b1f6635f1d6bf652f78bd95b615a7fc62
- SHA256: 8a3d0e96ab670914b932cdd86254db25e5e45c5f6a540e331bdc9370863542d9
- SHA512: 05e126fd810007191ddf41aaf85ae521d2d0303fe26a56aff82c420238beb329b40436252873f970038144a239d44d8c29b428dda09835ba1341d6b6b1e0fa62
- SSDEEP: 12288:pyQHwt3dGClR6NsJw0lp1BUiFJx75otHbHc:Gt3MCwsJwgPx75c
Static task: static1
Behavioral task: behavioral1
- Sample: order pdf.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: order pdf.exe
- Resource: win10v2004-20240419-en
Malware Config
Extracted: snakekeylogger
- Protocol: smtp
- Host: mail.lubentech.com
- Port: 587
- Username: [email protected]
- Password: hamid@1349
- Email To: [email protected]
- https://scratchdreams.tk
Targets
- Target: order pdf.exe (491KB; hashes as listed under General)
- Snake Keylogger payload
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext