General
-
Target
Voyage Orders Details.exe
-
Size
761KB
-
Sample
230327-ssfh5aea66
-
MD5
882bc784202475c666b589b889b72037
-
SHA1
2a17b07e408d7f6e4c7ee5f7e833a199eeafe6dc
-
SHA256
003c6607c3deee0f0c458c18220403e1eb2ae5469814756e551faf5bf3fc9f5a
-
SHA512
27236df8c319509f3f2a0b59bc5ec8df2bf9cf34a7f7c115073be74f683af9bfe81bc84de687c50435899f399dea65c305e9e32d73fac8632b827c3690d11f01
-
SSDEEP
12288:YkUJB0Oj1Si6Uxo6WM3ZYPVEWZU3LgLTM8VLOy5cT3l9mB3KaPvrBS3PTFJhZ:YNuiLxdW8YPVxUuTM8ZPcTIKrfD
Static task
static1
Behavioral task
behavioral1
Sample
Voyage Orders Details.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Voyage Orders Details.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
valleycountysar.org - Port:
26 - Username:
mbown@valleycountysar.org - Password:
}eQA)VL2!$V}
Targets
-
-
Target
Voyage Orders Details.exe
-
Size
761KB
-
MD5
882bc784202475c666b589b889b72037
-
SHA1
2a17b07e408d7f6e4c7ee5f7e833a199eeafe6dc
-
SHA256
003c6607c3deee0f0c458c18220403e1eb2ae5469814756e551faf5bf3fc9f5a
-
SHA512
27236df8c319509f3f2a0b59bc5ec8df2bf9cf34a7f7c115073be74f683af9bfe81bc84de687c50435899f399dea65c305e9e32d73fac8632b827c3690d11f01
-
SSDEEP
12288:YkUJB0Oj1Si6Uxo6WM3ZYPVEWZU3LgLTM8VLOy5cT3l9mB3KaPvrBS3PTFJhZ:YNuiLxdW8YPVxUuTM8ZPcTIKrfD
Score10/10-
Snake Keylogger payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-