General
Target: PROFORMA FATURA pdf.exe
Size: 948KB
Sample: 241031-lw8whswfjr
MD5: 1a74c66d4750248af37fe8cb959560cd
SHA1: 8d4de0fd49e567ed59ff6e0efb62ff43de76e841
SHA256: 2cc00a298c3bd523eace30d8740ab9d42bba63ce8cebcda5a3c3c52ac801a413
SHA512: 5b7cb8215e5b089c16bdb27207399ba2f059862272f8e4125858940a910581e48c7ade8c9c0fca2bc9ce13c06a76692da582c5246ec9add660ff96420ff48874
SSDEEP: 24576:sGF+CJcIc+trkIpbcf1luQnZ/uzzFxiXKjoeKxEfDhI5/3:DxcIfrxC1EQZczFoajoeKic/
Static task
- static1
Behavioral task
- behavioral1: Sample PROFORMA FATURA pdf.exe, Resource win7-20240903-en
- behavioral2: Sample PROFORMA FATURA pdf.exe, Resource win10v2004-20241007-en
Malware Config
Extracted family: snakekeylogger
Extracted exfiltration endpoint (Telegram Bot API): https://api.telegram.org/bot7924534953:AAE4uZnxj0ai2Cq4ObwL8XXynOA1iDROON0/sendMessage?chat_id=7969902771
Targets
Target: PROFORMA FATURA pdf.exe (948KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
Score: 10/10
Signatures:
- Snake Keylogger payload
- Snakekeylogger family
- Suspicious use of NtCreateUserProcess (OtherParentProcess)
- Drops startup file
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext