General
-
Target
Panama Canal Authority Forms TG.exe
-
Size
476KB
-
Sample
231219-sj14gabdek
-
MD5
f2c1cc948703f49b6658450eff1952f2
-
SHA1
b3601eafe8afa5325d23806c20902d64f3c9aceb
-
SHA256
b95cb95205d03079c8cae23e77d7e231f0161ad5383d5e16fc560b5cf4d95d90
-
SHA512
e34a0c5125ad67590016555468504b4eb967beeb33ed5b2da3507743e6b45ce89d32c85f18f577600b2b4a99c2163803cb0688858271c310ee0831782cec5a79
-
SSDEEP
6144:lrk2v4+LmNeWHGjsx41RL/AC0P3kPyXTsIMT/RutQ+AJ61T41qNXw3hvYd:lrm+LmNevoCrLk3/XW/wtQ+AJ6C0w3Y
Static task
static1
Behavioral task
behavioral1
Sample
Panama Canal Authority Forms TG.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
Panama Canal Authority Forms TG.exe
Resource
win10v2004-20231215-en
Malware Config
Targets
-
-
Target
Panama Canal Authority Forms TG.exe
-
Size
476KB
-
MD5
f2c1cc948703f49b6658450eff1952f2
-
SHA1
b3601eafe8afa5325d23806c20902d64f3c9aceb
-
SHA256
b95cb95205d03079c8cae23e77d7e231f0161ad5383d5e16fc560b5cf4d95d90
-
SHA512
e34a0c5125ad67590016555468504b4eb967beeb33ed5b2da3507743e6b45ce89d32c85f18f577600b2b4a99c2163803cb0688858271c310ee0831782cec5a79
-
SSDEEP
6144:lrk2v4+LmNeWHGjsx41RL/AC0P3kPyXTsIMT/RutQ+AJ61T41qNXw3hvYd:lrm+LmNevoCrLk3/XW/wtQ+AJ6C0w3Y
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-