General
-
Target
715a3d7675672d8474b83bedfee8e594b96856fa34a915debf9ae57c171ee366.docm
-
Size
15KB
-
Sample
241207-dbc94sxqdj
-
MD5
9ce250e7dace223506f0d22240530bb6
-
SHA1
24a87a2730fb3913369ae8f67ea459afc57976bd
-
SHA256
715a3d7675672d8474b83bedfee8e594b96856fa34a915debf9ae57c171ee366
-
SHA512
3185e16fa152f586e91abf29e77087f3966a40e795487c17de1f8320b3c35ff06f99a57762203fb33a18b67e15f11ef451bd1fe30882f319177880bf562a39d3
-
SSDEEP
384:/imteTM+3an0i13Lp3kO/Xv+iT3eZazFkG:/LJ7v1393p/XGiT3N
Behavioral task
behavioral1
Sample
715a3d7675672d8474b83bedfee8e594b96856fa34a915debf9ae57c171ee366.docm
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
715a3d7675672d8474b83bedfee8e594b96856fa34a915debf9ae57c171ee366.docm
Resource
win10v2004-20241007-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.dap.vn - Port:
587 - Username:
[email protected] - Password:
KhAnh110886 - Email To:
[email protected]
Targets
-
-
Target
715a3d7675672d8474b83bedfee8e594b96856fa34a915debf9ae57c171ee366.docm
-
Size
15KB
-
MD5
9ce250e7dace223506f0d22240530bb6
-
SHA1
24a87a2730fb3913369ae8f67ea459afc57976bd
-
SHA256
715a3d7675672d8474b83bedfee8e594b96856fa34a915debf9ae57c171ee366
-
SHA512
3185e16fa152f586e91abf29e77087f3966a40e795487c17de1f8320b3c35ff06f99a57762203fb33a18b67e15f11ef451bd1fe30882f319177880bf562a39d3
-
SSDEEP
384:/imteTM+3an0i13Lp3kO/Xv+iT3eZazFkG:/LJ7v1393p/XGiT3N
-
Snake Keylogger payload
-
Snakekeylogger family
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-