General
-
Target
New shipment details.exe
-
Size
515KB
-
Sample
231221-rz64zsdcb8
-
MD5
c1117172a2e97376213b2bbefb3491bd
-
SHA1
b3751bf360dd1e85f33633e228b40c23329766c6
-
SHA256
f63b61933ecd47ebf5c5c79fb5e30c89852dc271dab0a6df17015392e1158293
-
SHA512
5e6a79d08816f0a20eb372ad32075053e29d9f2582a65740199494209b143337d4dd527cf78f0b08cc2e83b23f656b4d57aee28a4f3d157c25c45aba004ecb9e
-
SSDEEP
12288:YXiF3PPBQI0IrGSdbd4dHlCTO3pb2ASH1SrTlSdS:Ym3PPBQIndYFCT6dS8VS
Static task
static1
Behavioral task
behavioral1
Sample
New shipment details.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
New shipment details.exe
Resource
win10v2004-20231215-en
Malware Config
Targets
-
-
Target
New shipment details.exe
-
Score
10/10
-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-