General
-
Target
PRODUCTS LIST.pdf.z
-
Size
484KB
-
Sample
240627-jmqbpszaqf
-
MD5
2e20ed49a4ace68ab8b348a1ec8f7b70
-
SHA1
092a95a323788365b40d513c72d488d186baeee5
-
SHA256
52fce8689a2666e8198496ac8539db6ee185fc978ddd10d03ae86638ffb90c80
-
SHA512
e093d2180e49a711e65d1bce6f28c9ef1478697fc1a3f8139f5305ee996b0843e6ceb40b4ab9ae5808c8e4f0bf9012ced3829bed17af4e95f304d2413fb0b3f5
-
SSDEEP
12288:toBV3IQQJR0Mii3xcCGBE46kDlF8Zzk7d0qrWYGhwDl:te5I/n0UfI8sdtiYV
Static task
static1
Behavioral task
behavioral1
Sample
PRODUCTS LIST.pdf.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
PRODUCTS LIST.pdf.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.anp-aquarium.com - Port:
587 - Username:
[email protected] - Password:
csl53971@ - Email To:
[email protected]
Targets
-
-
Target
PRODUCTS LIST.pdf.exe
-
Size
541KB
-
MD5
32c4e05aa7f5a3db58952fc06a00431d
-
SHA1
db05864bb7349e3e4cb35d51a03c7110d049fa8f
-
SHA256
a745afdd5cb81567de1560ead34145f713b7894058aa2097d755bf5d09b9d34f
-
SHA512
88880e24e35ca74001b9e20599c8bab3f11f37b200d14517a2a985adbc0f20247538c5d2646d2f6bdaac4d72fbb35f36e38ea5386c323d4b0881ddd7b4c52f3f
-
SSDEEP
12288:l99glhxbCawPRlsp8UQnF6mYlBNS61kf4mQKBWQ2:lGwJH5nEtS61MnQKBWQ2
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-