General

- Target: Voyage Orders Detail.exe
- Size: 759KB
- Sample: 230610-l3xrtsfc9x
- MD5: 95f3c49fd7969574fb9b5296c527aa13
- SHA1: cde40ad6dff41f36a7c314bf91ba8c9de05a029a
- SHA256: 379ccf754b70aa15e6d95ce3ff7076eea655b6c833033c3a95e8c6108f3c0f59
- SHA512: 8566bd4ced3c0583978bbd5fff4bed8baafe06ac8b2b63d4402ecb4a1ea2d16e08c03cbcc827099a8baa52b00e9333986f2e6d8250b8f3a5d4fcb21c74d0e35f
- SSDEEP: 12288:2UlRuZQhaDnLMzIL2q+RTdOL8x7wTYXGr18xAOKHqZEuv1Y5tqm31wsTuEHe:2UlRugOyqGUL8x7wTYX2+mLKmuvKtqEm
Tasks

- Static task: static1
- Behavioral task: behavioral1 (Sample: Voyage Orders Detail.exe; Resource: win7-20230220-en)
- Behavioral task: behavioral2 (Sample: Voyage Orders Detail.exe; Resource: win10v2004-20230220-en)
Malware Config

Extracted: snakekeylogger

- Protocol: smtp
- Host: argona.ro
- Port: 26
- Username: dan.grama@argona.ro
- Password: Argona12!@
- Email To: trainee@valleycountysar.org
Targets

- Target: Voyage Orders Detail.exe
- Size: 759KB
- Score: 10/10

Signatures

- Snake Keylogger payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext