General
Target: Great Shipping Management Document.exe
Size: 277KB
Sample: 231011-lk1e1agb45
MD5: 5ad41d4b9560b04a12928a393661189c
SHA1: b703d404755d4400072548ad29560c860939e1e0
SHA256: a2e5356ff3d8617b129a23d76d85c2db3f6d803dccc160bdb95200db441229c5
SHA512: 890c002ac837629f08bb0ac139e6a3634482a1aa32ab28b5fb63189906245969050a86cd2a292b1aa7d98a7440dd3dc8d4ae3d85c05e89b63c9516f722beb4a8
SSDEEP: 6144:4X5dp+sevRT2mDGn10/Ao5OJBnaznfgWrzLcSInGYDmRWD:E5P+sCDG8Ao5OJgTgWrzFIrmRW
Static task: static1
Behavioral task: behavioral1
  Sample: Great Shipping Management Document.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: Great Shipping Management Document.exe
  Resource: win10v2004-20230915-en
Malware Config
Extracted family: snakekeylogger
Extracted URL: https://api.telegram.org/bot6307848603:AAHuPYbVu9-pOqbv-rh59-MPBtLsLADgIWE/sendMessage?chat_id=6270867455
Targets
Target: Great Shipping Management Document.exe
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext