General
Target
FSSC22000_06_27_2014_pdf.exe
Size
1.4MB
Sample
240704-gzk7eazhnh
MD5
9aab498a50b51bc9014f0b060b445493
SHA1
324bdf96eba0c02159a36abef178688c41558566
SHA256
11ef0487391e33e9d045ca1c98a62022dbf4c9e464776f8f4c32523d2c9f5759
SHA512
7525813a9cbe16e7c0a7c7795b069d7c49bee678d1a30cebb8437934dabf6e14151c8ea7a26239b3a108a39b4bcd5c72c0c680a8805e1545f03d71e701b7ddaa
SSDEEP
12288:mr12xwvM3ivkBI2Zk3Duwil/ASihOzfo1DL+zOMDwHLW:s12xCoivkLZWDuwFS/s1WyvrW
Static task
static1
Behavioral task
behavioral1
Sample
FSSC22000_06_27_2014_pdf.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
FSSC22000_06_27_2014_pdf.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.therealdealboattours.com
Port: 587
Username: [email protected]
Password: success$2022
Targets
Target
FSSC22000_06_27_2014_pdf.exe
Score 10/10
Snake Keylogger payload
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext