General
Target: 付款收据_PDF.zip
Size: 21KB
Sample: 241029-amklsa1djp
MD5: 175584aeb3adc40de9c7e9d40535cd9a
SHA1: e25ec2710ee98843891b5ca480e313412a749fd6
SHA256: 81f96447b363e2eda47b195df8bb05c68ff378150b1aff80c22e555a3c5214fc
SHA512: 516c21f36fc9ec0e7f1c0300e72e37c549ef0969401214f67c675e2153ab0b2f1b7a450f0db567af40bd96755684c37c5c665cf7298c7affc777fccd5fe84d3b
SSDEEP: 384:F35ijZ3WE0KNmL4UjSB6lcLxQ3BiYPD7aCfiOqj0h:F3McPKgUUjcIcLxQxiYfHLqq
Static task: static1
Behavioral task: behavioral1
Sample: Ndnownts.exe
Resource: win10v2004-20241007-ja
Malware Config
Extracted: snakekeylogger
https://api.telegram.org/bot7698096781:AAGQLD6o1kzjfTe7ym-NWYz9KeQ-WUS_Q04/sendMessage?chat_id=6243598265
Targets
Target: Ndnownts.exe
Size: 53KB
MD5: 297e05ee6ce9a0e345f5053d87ac7401
SHA1: 3aaf227b2a441d16477f2db50b35c03711f1c583
SHA256: 188d3957239f757531a5783322eaa577cef632c4bde8acc6b82ee166c79d4cc8
SHA512: ff9f8b58992e3c09e0e72889a5793b0c50c806d1f2fca4afcd1125e6a9d65e0270c90b6c58d04814413eb660609b14248488e0d949ed0b0c824bde476c3229e0
SSDEEP: 768:oO8d/uNf0FME+RGoOfHvtkVCWDwIXSqi935jSsNPKzTKWV1YaojgQug1/nJpVI6C:Yg9vZy1/JI6WLLoHT0ti9hge+
- Snake Keylogger payload
- Snakekeylogger family
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops startup file
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext