General
-
Target
a1691d6ed11886675a6470ca097d0456af5105b731c8b6083e41d440aafdb2df
-
Size
609KB
-
Sample
241128-zvgbrszrbx
-
MD5
c860fbf23aeda1d924875530abd1333c
-
SHA1
f5608d48aca738d8b10f4fa37696160fa0bc7cd1
-
SHA256
a1691d6ed11886675a6470ca097d0456af5105b731c8b6083e41d440aafdb2df
-
SHA512
a4b154ebc3e068ab9e06c4fb164a3beab27e2b22e590c34675425cd3f7484f40f1a99eb30d0cd71ca76f4f9736bcf540d81fb71b54fa09a63ba8c6f77d224fa9
-
SSDEEP
12288:aWNw9mR8VtJU/FThfndBOhBbTEl1Bl14T1xYoQsRgFBtwE64nc8+Xyj16LT:aWNEaTNr2k1mhBcLCuiXOk
Static task
static1
Behavioral task
behavioral1
Sample
SWIFT DEL BANCO ....pdf.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
SWIFT DEL BANCO ....pdf.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot7778964135:AAGwyiOaaqks3s5KrOkXWmxcGXjj3R5nqBY/sendMessage?chat_id=5600682828
Targets
-
Target
SWIFT DEL BANCO ....pdf.exe
-
Size
703KB
-
MD5
081ca4270f480233f8cc4a2cf6b33937
-
SHA1
e6bb74aa87a11648efd7db06e3b8abc028ba65b5
-
SHA256
e57f34e78fdce24981c1d9e6a40f686f9cf734e2a9d9e851ae47bba9d0f56dbf
-
SHA512
5fc8737eaea950de3c533ef4684ae03568dcbf587650e54aee23f2318e49db1b6486cdcdef73fe4b68d6ea1511fe398f583c501c5d4cad32ff89a9a62023711e
-
SSDEEP
12288:4so1zGksv+SGjpA3yKUUo6a8fZhfXvJOha5zZglTfHnGTHxYYQ0rgF9xqq6wwBPU:01zGUxjuZxx3dCT+DbsXkJ43x
-
Snake Keylogger payload
-
Snakekeylogger family
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-