General
Target: Detail-virement-international-032024074900542060000000.pdf.lzh
Size: 503KB
Sample: 240628-fxwppawakq
MD5: f5f2c79b4a99867c96be919abedc80ed
SHA1: e2466674fe38845b36c7974653c6f2767e721763
SHA256: 062d95745d360e9a0819bef06807be73822283b9f57226efd4aa3a10cf1d7ff2
SHA512: f10391585c392a060255a1f79834f201177bc7b2b3dd48bfc744b82c01ef28c9fa9ce12ec92e14a10e6c18a124d092d23429b355ec10734f3dcf26c9ffb120b6
SSDEEP: 12288:mezbvvQB+/ptUlefnL81Wu1dqypYmOD2Lgrc:mObv4sBu31d/YsLX

The submitted file is an LZH (LHA) archive whose single member carries the same finance-themed lure name ("Detail virement international" is French for "international wire transfer detail") with a double extension, .pdf.exe: a Windows executable dressed up as a PDF. The archive is the delivery wrapper; the analysis below is of the executable it contains.
Static task: static1
Behavioral task: behavioral1
Sample: Detail-virement-international-032024074900542060000000.pdf.exe
Resource: win7-20240508-de
Behavioral task: behavioral2
Sample: Detail-virement-international-032024074900542060000000.pdf.exe
Resource: win10v2004-20240226-de
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.sprayerbarn.com.au
Port: 587
Username: [email protected] (address obfuscated in the page)
Password: Matthew@13
URL: https://scratchdreams.tk

The SMTP settings are the sample's exfiltration channel: Snake Keylogger emails the captured keystrokes, clipboard contents and harvested credentials through the configured mail server on the submission port (587) using the embedded account. The mailbox, host and URL above are the network indicators worth blocking and hunting for in mail-gateway and proxy logs.
Targets
Target: Detail-virement-international-032024074900542060000000.pdf.exe
Size: 516KB
MD5: f582c7d4bea6603056786884cdad5412
SHA1: 3fbcf63cf3ec4519cbb9360676da3a03bc368fb6
SHA256: 120594fdeca3e974cb68fed91dac11294ba8cf36c0cb822c2f5ef279bb7a7633
SHA512: 3161fdd82063997589ee0653e2ac46cce5da60b66500363944cb795c681b9d99acf5d3fb420bc10906f6ea89c321631bd13931b9606de157465ce363819eab4a
SSDEEP: 12288:nsrVFmUYQ8WxgjUlefBL8RWu1ANz0w19OhI:srVFqWWwL1AqekW
Score: 10/10
Detections
- Snake Keylogger payload
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes so the dropped components are not scanned.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence that decides whether the payload runs on this machine.
- Deletes itself
  Removes its own executable from disk after execution, which hampers recovery of the original sample from the host.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP; the report does not name which service.
- Suspicious use of SetThreadContext
  SetThreadContext on another process's thread is the usual way to redirect a suspended thread into injected code (process hollowing or thread hijacking), so this is a strong indicator that the payload is run inside a second process rather than in the dropper itself.
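Detection logic for three of the behaviours listed above (the .pdf.exe double extension, Defender exclusions added through PowerShell, and the external IP lookup), run over Sysmon-style process-creation and DNS events. This is an added Python example, not part of the sandbox output or of Snake Keylogger. The events, field names and the list of IP-lookup hosts are constructed or assumed for illustration; the report does not name the lookup service this sample used, and the PowerShell command lines are hypothetical.

```python
"""Triage rules for the report's behaviours over constructed Sysmon-style events.

Added example; the events and field names are hypothetical, not sandbox data.
"""
import base64
import re

# Constructed sample events (hypothetical). The dropper name is the one from the report.
DROPPER = r"C:\Users\victim\Downloads\Detail-virement-international-032024074900542060000000.pdf.exe"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"


def encode_ps(script: str) -> str:
    """Base64 of UTF-16LE text, the encoding powershell.exe -EncodedCommand expects."""
    return base64.b64encode(script.encode("utf-16le")).decode("ascii")


EVENTS = [
    {"id": 1, "type": "process", "image": DROPPER, "cmdline": f'"{DROPPER}"'},
    {"id": 2, "type": "process", "image": PS,
     "cmdline": "powershell -WindowStyle Hidden Add-MpPreference "
                r"-ExclusionPath 'C:\Users\victim\AppData\Roaming' "
                "-ExclusionExtension exe -ExclusionProcess 'updater.exe'"},
    # Same action hidden behind -enc: rules must decode before matching.
    {"id": 3, "type": "process", "image": PS,
     "cmdline": "powershell -nop -enc " + encode_ps(r"Add-MpPreference -ExclusionPath C:\ProgramData")},
    # Benign: reads Defender settings, adds nothing.
    {"id": 4, "type": "process", "image": PS, "cmdline": "powershell Get-MpPreference"},
    {"id": 5, "type": "dns", "image": DROPPER, "query": "checkip.dyndns.org"},
    {"id": 6, "type": "dns", "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "query": "www.example.com"},
]

# Rule 1: a document extension immediately followed by an executable extension.
DOUBLE_EXT = re.compile(r"\.(pdf|docx?|xlsx?|pptx?|jpe?g|png|txt|zip)\.(exe|scr|com|pif|bat|cmd)$", re.I)


def flag_double_extension(image: str) -> bool:
    filename = image.rsplit("\\", 1)[-1]
    return DOUBLE_EXT.search(filename) is not None


# Rule 2: Add-/Set-MpPreference together with any -Exclusion* parameter.
EXCLUSION_CMDLET = re.compile(r"\b(Add|Set)-MpPreference\b", re.I)
EXCLUSION_PARAM = re.compile(r"-Exclusion(Path|Extension|Process)\b", re.I)
# powershell.exe accepts -e, -ec, -enc and -EncodedCommand for the same switch.
ENCODED = re.compile(r"-e(?:ncodedcommand|nc|c)?\s+([A-Za-z0-9+/=]+)", re.I)


def expand_encoded(cmdline: str) -> str:
    """Append decoded -EncodedCommand payloads so the text rules can see them."""
    decoded = []
    for blob in ENCODED.findall(cmdline):
        try:
            decoded.append(base64.b64decode(blob, validate=True).decode("utf-16le"))
        except (ValueError, UnicodeDecodeError):
            pass  # not a real encoded command; keep the raw command line only
    return " ".join([cmdline, *decoded])


def flag_defender_exclusion(cmdline: str) -> bool:
    text = expand_encoded(cmdline)
    return bool(EXCLUSION_CMDLET.search(text) and EXCLUSION_PARAM.search(text))


# Rule 3: DNS query for a public "what is my IP" service. Assumed list, extend per environment.
IP_LOOKUP_HOSTS = {
    "checkip.dyndns.org", "api.ipify.org", "ip-api.com", "ipinfo.io",
    "icanhazip.com", "ifconfig.me", "checkip.amazonaws.com",
}


def flag_ip_lookup(query: str) -> bool:
    q = query.lower().rstrip(".")
    return any(q == host or q.endswith("." + host) for host in IP_LOOKUP_HOSTS)


def triage(events) -> list:
    """Return (event id, rule name) pairs for every event that trips a rule."""
    findings = []
    for ev in events:
        if ev["type"] == "process":
            if flag_double_extension(ev["image"]):
                findings.append((ev["id"], "double_extension"))
            if flag_defender_exclusion(ev["cmdline"]):
                findings.append((ev["id"], "defender_exclusion"))
        elif ev["type"] == "dns" and flag_ip_lookup(ev["query"]):
            findings.append((ev["id"], "external_ip_lookup"))
    return findings


if __name__ == "__main__":
    for event_id, rule in triage(EVENTS):
        print(f"event {event_id}: {rule}")
```

In a real deployment the Defender rule should also fire on script-block logging (Event ID 4104), since the exclusion cmdlet can be invoked from a script file rather than the command line, and the IP-lookup rule is best paired with the parent image, because browsers and legitimate agents also hit these services.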