General
- Target: 47412a6543038478b870da4d51d9e945c80a7c130965ddc302e72eddb54905e4.zip
- Size: 854KB
- Sample: 241031-ctd4paynbn
- MD5: 9d30d2bd591c601ce5c3eed2e1093b96
- SHA1: 9f3ff65b1b5ffe73f780a884e2683b75047f447a
- SHA256: 47412a6543038478b870da4d51d9e945c80a7c130965ddc302e72eddb54905e4
- SHA512: f1207e0197e03238b9bfb0eaf8ac2e6073a5bdcbb585cc8423d25bf87bf90026404d9383a0b80e36315595b5801067ad2d23174afb3bc366a0ae384767619c49
- SSDEEP: 24576:W+YAjq5pdLjud/+i2+lm0/UN0LdAuAZX/iKJ:rtjq5zLjIK+l/UNMd3ArJ
Static task
- static1
Behavioral task
- behavioral1
  - Sample: MR for steam DRUM-A1_pdf.exe
  - Resource: win7-20240903-en
Behavioral task
- behavioral2
  - Sample: MR for steam DRUM-A1_pdf.exe
  - Resource: win10v2004-20241007-en
Malware Config
Extracted
- snakekeylogger
- https://api.telegram.org/bot7498931539:AAE8KHb70FueL6YmOOF6rhS3Z3o-F1rx6_A/sendMessage?chat_id=1178171552
Targets
- Target: MR for steam DRUM-A1_pdf.exe
- Size: 1.1MB
- MD5: aaa6233ad5bf1fa876ad708b2af4d7d5
- SHA1: caa797aaac80a8c807e8e152f280188b8b4e8819
- SHA256: 13d4f8ebe986653a6512cace310b4927b694a5127036d85c2d1c8840634537e4
- SHA512: 5cab1d39f1af187bc34073052e1672cee1aa131272abae98053f2273afc9f57b573517358e110dd6b56f4653ead9ab653828c80bb408f3456f3451db901a257e
- SSDEEP: 24576:ffmMv6Ckr7Mny5QLI2klYKlUhypdA0IJF/iog:f3v+7/5QLbkl/Uhad7I9g
- Snake Keylogger payload
- Snakekeylogger family
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext