General
Target: Voyage Orders.exe
Size: 489KB
Sample: 231219-sj1spsdgd7
MD5: 73d48d44751c6d0241ac26c1123822be
SHA1: d794d3df6027c438f86c3418216ff9e18f32c5b8
SHA256: 0dd188237a562417f239ff9be662f9336ec77a0906af62c26516a8e6f767f9f5
SHA512: 5bc2e07fa120e4392d08f5930d82e0849555522338b625ae247fde4c913528e41421b387b00a6a3741556b97bbabb45bb296fd702422da44af9ede5048d8adbe
SSDEEP: 12288:yrpviYJS8EtOcpAT35CPA7kyig/jZnP55oM:yrpasS8qOcCCPA7kyigLN0M
Static task: static1
Behavioral task: behavioral1
Sample: Voyage Orders.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: Voyage Orders.exe
Resource: win10v2004-20231215-en
Malware Config
Targets
Target: Voyage Orders.exe
Score: 10/10
Snake Keylogger payload
Accesses Microsoft Outlook profiles
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext