General
-
Target
rliquida____odefaturadepagamento.exe
-
Size
2.3MB
-
Sample
241008-qvk6aazbjl
-
MD5
383574fcb2a1b030666cb7c3be603445
-
SHA1
2fcf52b141d329798d4d9c6fc1c2b3326a8ccdc9
-
SHA256
b0a9e6a7deccda1f29e48f243f15e225f59e9fe11e7ce25f9433e3f8d233ad6c
-
SHA512
92f6bbb31d94f72e3fdf1396270563647f22f853828658ab9843616cb2d534ce2b3081df87bb2129bee267cfa83f8aaa7dfaf447a8d104a6c89ef049a4562e8a
-
SSDEEP
24576:XNw5wQb8vxzKM8LKbaxrNzlEUBFs6JYH2oDXPtJv55njhYzuyKpraS7FFX:XNQbNEaxrNzl5FYJLtpxwuyuF
Static task
static1
Behavioral task
behavioral1
Sample
rliquida____odefaturadepagamento.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
rliquida____odefaturadepagamento.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
Protocol: smtp- Host:
webmail.setarehatlaspars.com - Port:
587 - Username:
[email protected] - Password:
Set@reh1398
Extracted
snakekeylogger
Protocol: smtp- Host:
webmail.setarehatlaspars.com - Port:
587 - Username:
[email protected] - Password:
Set@reh1398 - Email To:
[email protected]
Targets
-
-
Target
rliquida____odefaturadepagamento.exe
-
Size
2.3MB
-
MD5
383574fcb2a1b030666cb7c3be603445
-
SHA1
2fcf52b141d329798d4d9c6fc1c2b3326a8ccdc9
-
SHA256
b0a9e6a7deccda1f29e48f243f15e225f59e9fe11e7ce25f9433e3f8d233ad6c
-
SHA512
92f6bbb31d94f72e3fdf1396270563647f22f853828658ab9843616cb2d534ce2b3081df87bb2129bee267cfa83f8aaa7dfaf447a8d104a6c89ef049a4562e8a
-
SSDEEP
24576:XNw5wQb8vxzKM8LKbaxrNzlEUBFs6JYH2oDXPtJv55njhYzuyKpraS7FFX:XNQbNEaxrNzl5FYJLtpxwuyuF
-
Snake Keylogger payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-