General
-
Target
Maersk MRKU8781602.exe
-
Size
583KB
-
Sample
231211-sy9ddsagfj
-
MD5
0dcf5857ca513794704a6012a54b0aed
-
SHA1
6019028223864579d74a12a9c3455393e912b244
-
SHA256
e9f88073d5491f31b1adfaea06537b8601075e4cf5990a415248ae0508240126
-
SHA512
e8fd4739e880532fb971f647c98c8674d77a049cd6f92a11540ad0897fa526f123571d726fd6680538f136e4299f5ba38bf536c414b6e46d75c25572d3cb1610
-
SSDEEP
12288:w3IU8S6eUdrMlS1MeYtX54/cGIvgsHzR35gxtVNq50/J95:OItSAdIkYtScnpHz0lq505
Static task
static1
Behavioral task
behavioral1
Sample
Maersk MRKU8781602.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
Maersk MRKU8781602.exe
Resource
win10v2004-20231130-en
Malware Config
Targets
-
-
Target
Maersk MRKU8781602.exe
-
Detect ZGRat V1
-
Snake Keylogger payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-