General
-
Target
DHL Waybill & Shipping Document.exe
-
Size
2.8MB
-
Sample
240714-j15csaverc
-
MD5
a80d785ff635c1903e51209cdb854d55
-
SHA1
a328fce4a7bf076f046193936fd272d262c08acd
-
SHA256
fa4dd3214fe17f69079274a2dd01ed191a1b7c70c96bc36d274a5f6758deaffb
-
SHA512
0f68122a9f9d14cabac8c07849ab81027384eca0cce386ddc414903436dfa2157cab56d0a8105d1dfb7a041ee3f0cfee30e34c435c4e2e0b315594da3f269d01
-
SSDEEP
12288:n9MaVrg++LvtflmwLpe+0d5POpdVC16SA7t:nKacTLyw0+452pd0QX
Static task
static1
Behavioral task
behavioral1
Sample
DHL Waybill & Shipping Document.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
DHL Waybill & Shipping Document.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot6040706883:AAGj7B9ONNWM5dxNf28Wuf8zMNReKmR75X0/sendMessage?chat_id=6081058038
Targets
-
-
Target
DHL Waybill & Shipping Document.exe
-
Size
2.8MB
-
MD5
a80d785ff635c1903e51209cdb854d55
-
SHA1
a328fce4a7bf076f046193936fd272d262c08acd
-
SHA256
fa4dd3214fe17f69079274a2dd01ed191a1b7c70c96bc36d274a5f6758deaffb
-
SHA512
0f68122a9f9d14cabac8c07849ab81027384eca0cce386ddc414903436dfa2157cab56d0a8105d1dfb7a041ee3f0cfee30e34c435c4e2e0b315594da3f269d01
-
SSDEEP
12288:n9MaVrg++LvtflmwLpe+0d5POpdVC16SA7t:nKacTLyw0+452pd0QX
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-