General
Target: OVER DUE INVOICE PAYMENT.docx
Size: 16KB
Sample: 240704-dktcpatakh
MD5: 9f3fd4e8aa2ad81966d0c2a036d1e901
SHA1: 80a58393acb58fcc666e56b514994d98ba3f4716
SHA256: cd9cf022180c8c6f6c4fb0d76476bf2e9382128d28a4686114c50448934e5381
SHA512: 1f97f830da19d686d8a41f8be36809fbd245f8720835561730dd10bf7cbefe03f17e77df32c0d9c1333084fb598f718fec3ad69f6d7c9313a139b7faa872a7c1
SSDEEP: 384:3oyX8glCWUs8PL8wi4OEwH8TIbE91r2fRgJY7viL6CnUaV:Yc8xv5P3DOqnYJu2vq6CnB
Static task: static1
Behavioral task: behavioral1
  Sample: OVER DUE INVOICE PAYMENT.docx
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: OVER DUE INVOICE PAYMENT.docx
  Resource: win10v2004-20240611-en
Malware Config
Extracted family: snakekeylogger
  Protocol: smtp
  Host: mail.artefes.com
  Port: 587
  Username: [email protected]
  Password: ArtEfes4765*+
Targets
Target: OVER DUE INVOICE PAYMENT.docx
Score: 10/10
- Snake Keylogger payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Abuses OpenXML format to download file from external location
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext