General
-
Target
823a695d39a3d906ede74d93a6518158f31e6ce7cfecc8884f93428bf1016027
-
Size
328KB
-
Sample
231023-d3t2yadg6v
-
MD5
f5dfbed3679a4418d2384dfcdac37d84
-
SHA1
be2613c00b6a91030a727ca344dd58a13104bdc3
-
SHA256
823a695d39a3d906ede74d93a6518158f31e6ce7cfecc8884f93428bf1016027
-
SHA512
ef9943408a68eda82614c098d46853c37c8dfecf8a886550e898599a2894f6644f2cd2fd1f4918f6f3dbbc35e90a149e8ad7a15c57454ead481eefa9d6f48d74
-
SSDEEP
6144:4WQvToCDyF51Om2Kr23HtJu80h+4gurSsvjPiWkEusm16Kd/2+J0IrkDos:4WQrg5Hr23H8h+krbjKBEuf1nJ345
Static task
static1
Behavioral task
behavioral1
Sample
sailing ordersvessels details.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
sailing ordersvessels details.exe
Resource
win10v2004-20231020-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot6754900376:AAGYXoJTG6DIGlzBESgGpB5cShe07Imh7JY/sendMessage?chat_id=5007084465
Targets
-
-
Target
sailing ordersvessels details.exe
-
Size
432KB
-
MD5
38c7d78e5d7cfad455053448c7861505
-
SHA1
f354edfb44d8c47bbdd20ec8b73da46175b4989b
-
SHA256
8f37fbe5ad7ab657d74837c722b3719561a8f6ad9153ac3e803a654d06041299
-
SHA512
29ec81a7086d6c4a0f86985a91337055126d1bac29a9f8acc800499742dbd1b1ff5a5e0bbc2e8768546f2a14e5a75faed378499b3e7e05cb5b6f05f10528bf7a
-
SSDEEP
12288:zD7gUinfOOazylCH8hTk5WukXBfYrOiqoe5:cfOOazy5CWukXBO
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-