General
Target: FOB ENQUIRY 5463________________________________________________________pdf.exe
Size: 546KB
Sample: 240703-hswj8ssckb
MD5: 9581c481a006d1ded7b2120cdd0992a1
SHA1: b342e491c83e80eb72e7b53af04aef5ef8d81f77
SHA256: f698082375960720553e35a6562ee92c09b45984667ead04b6a716cf0fec3d82
SHA512: 8b3ad8928f4a0594b05f68b65048ba422fbe18365535615ff62b41638a9d935fe5a81df6e79ac78bbec8b11b1698448e575837f9677f33155cef126cae28de2b
SSDEEP: 12288:NNf+w3xuL9+isdPMTC/GjWyzDPpaDeIVsp:NRYB+zdmSG1ztFE
Static task: static1
Behavioral task: behavioral1
  Sample: FOB ENQUIRY 5463________________________________________________________pdf.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: FOB ENQUIRY 5463________________________________________________________pdf.exe
  Resource: win10v2004-20240611-en
Malware Config
Extracted family: snakekeylogger
Extracted URL: https://api.telegram.org/bot5581840526:AAE1o2MXOklfCJKspnGyHbkaYvwtJlJ8h3M/sendMessage?chat_id=5063375086
Targets
Target: FOB ENQUIRY 5463________________________________________________________pdf.exe
Size: 546KB
Score: 10/10
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext