General

Target: mkpub_Great Shipping Management Document.zip
Size: 270KB
Sample: 230929-hhlmaagc5w
MD5: 78b4422f14bad240ae3fd1124dd75402
SHA1: 5b8386faa5c4163c2bd27b558b996f4fa157d97e
SHA256: c28a51c02fdcd00a3210b55fb9bc0863ae97d4535145c2cfc416b43280f6252c
SHA512: e4672ae1192a82d695cb2d564c5e266cfb5be4d09e602e4d927fdc265e0ffe8dd2075c96edc68c93e16874c217a285df550182f9f7463e2fb3a59211de0df1e3
SSDEEP: 6144:Chpuus4avRT2YDGn/0/Ao5O9BnUznfgqrzLcSIn2YDmJWf:CHuuloDG6Ao5O9GTgqrzFI7mG
Static task: static1

Behavioral task: behavioral1
Sample: Great Shipping Management Document.exe
Resource: win7-20230831-en

Behavioral task: behavioral2
Sample: Great Shipping Management Document.exe
Resource: win10v2004-20230915-en
Malware Config

Extracted: snakekeylogger
https://api.telegram.org/bot6307848603:AAHuPYbVu9-pOqbv-rh59-MPBtLsLADgIWE/sendMessage?chat_id=6270867455
Targets

Target: Great Shipping Management Document.exe
Size: 277KB
MD5: 5ad41d4b9560b04a12928a393661189c
SHA1: b703d404755d4400072548ad29560c860939e1e0
SHA256: a2e5356ff3d8617b129a23d76d85c2db3f6d803dccc160bdb95200db441229c5
SHA512: 890c002ac837629f08bb0ac139e6a3634482a1aa32ab28b5fb63189906245969050a86cd2a292b1aa7d98a7440dd3dc8d4ae3d85c05e89b63c9516f722beb4a8
SSDEEP: 6144:4X5dp+sevRT2mDGn10/Ao5OJBnaznfgWrzLcSInGYDmRWD:E5P+sCDG8Ao5OJgTgWrzFIrmRW
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext