General
- Target: Voyage Order Details.exe
- Size: 647KB
- Sample: 230507-h5htxadc29
- MD5: 23a1f61ba07f8af3e0b379e15ee42d61
- SHA1: cc6fa54ce4a0b0338aa2b575c217c6923f4474b2
- SHA256: 1a6f98c2107fd310ce83b4e6fe93635f9f82a8a2cd5ed746aa630b6580d83ed6
- SHA512: 185381fabfd445cb841843aa3a3f5d90f885b7ceab14df747912ef93411608fc016ff35e8ec1372584154a0fd8bfad3a43a6f033b6218db27fc189aec2f63f34
- SSDEEP: 12288:XV2iN1Bzn85RByi+Ztq+Gre/InTJGYdRtMlDE+UkBxTEFA9KLp:l1p85yi+ZtgreQTAORsOA63Lp
Static task: static1
Behavioral task: behavioral1
- Sample: Voyage Order Details.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: Voyage Order Details.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted: snakekeylogger
- Protocol: smtp
- Host: argona.ro
- Port: 26
- Username: [email protected]
- Password: Argona12!@
- Email To: [email protected]
Targets
- Target: Voyage Order Details.exe
- Size: 647KB
- MD5: 23a1f61ba07f8af3e0b379e15ee42d61
- SHA1: cc6fa54ce4a0b0338aa2b575c217c6923f4474b2
- SHA256: 1a6f98c2107fd310ce83b4e6fe93635f9f82a8a2cd5ed746aa630b6580d83ed6
- SHA512: 185381fabfd445cb841843aa3a3f5d90f885b7ceab14df747912ef93411608fc016ff35e8ec1372584154a0fd8bfad3a43a6f033b6218db27fc189aec2f63f34
- SSDEEP: 12288:XV2iN1Bzn85RByi+Ztq+Gre/InTJGYdRtMlDE+UkBxTEFA9KLp:l1p85yi+ZtgreQTAORsOA63Lp
- Snake Keylogger payload
- StormKitty payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext