General
-
Target
COMPANY PROFILE_pdf.exe
-
Size
2.0MB
-
Sample
241007-j3valavekk
-
MD5
d60968fc5bcc52cb58e02f8c866cf43d
-
SHA1
1e007b4dadfafa24f750612f2dff8ba48f5b05b2
-
SHA256
f00d6879840cc1fc5087c7e8fe8f4fd701dd2bb58aac9420f77b326b383d37da
-
SHA512
aabacfc88590a3205dd776acfb6d6ccd89b6fdfb82b8c9f2d7a637fde51b8f31ec12c6be8cb008a1d1ca5b35a6871387ec84d6bbf1aec1f4ed6f7c6945a4b5b9
-
SSDEEP
12288:P/8+3OpHnvQoS7uwXMox9rqKiZDhYkS07bRKu0ZATyMw57+xvoK5SfXwPEW8:PE+3MHn4o7wXZx9rQS0/QWzDsW8
Static task
static1
Behavioral task
behavioral1
Sample
COMPANY PROFILE_pdf.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
COMPANY PROFILE_pdf.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot5959992477:AAHE-7vhpGmcidn94EXH2Dz0foqgJdGDb1E/sendMessage?chat_id=6070433873
Targets
-
-
Target
COMPANY PROFILE_pdf.exe
-
Size
2.0MB
-
MD5
d60968fc5bcc52cb58e02f8c866cf43d
-
SHA1
1e007b4dadfafa24f750612f2dff8ba48f5b05b2
-
SHA256
f00d6879840cc1fc5087c7e8fe8f4fd701dd2bb58aac9420f77b326b383d37da
-
SHA512
aabacfc88590a3205dd776acfb6d6ccd89b6fdfb82b8c9f2d7a637fde51b8f31ec12c6be8cb008a1d1ca5b35a6871387ec84d6bbf1aec1f4ed6f7c6945a4b5b9
-
SSDEEP
12288:P/8+3OpHnvQoS7uwXMox9rqKiZDhYkS07bRKu0ZATyMw57+xvoK5SfXwPEW8:PE+3MHn4o7wXZx9rQS0/QWzDsW8
-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-