General
Target: MT STENA IMPRESSION Vessel Particulars.exe
Size: 537KB
Sample: 240622-x2mq1s1cnc
MD5: 745ddafbe88e9222832618288e202d5f
SHA1: cb937901a71340f77831dfdc60f0c658cef6f71a
SHA256: a4ea9049487be50f0c289557af2913d5d4202e3dbeda1355d03dc65561085407
SHA512: 85e99b33464b34bc0120a2b8ab5e78e6ea425a127f35984c23c5b4afd2def8ef0e1e3f112bba8fb1f281d362cfc1206497cfcfa732bb521c572cb96f6229ee7e
SSDEEP: 12288:/tu+pbQ+8bw8e4FZp+nOo5PNkDpgKJv/v+PLuSn:/pbQ+Oe4FZkMv/6LB
Static task: static1
Behavioral task: behavioral1
  Sample: MT STENA IMPRESSION Vessel Particulars.exe
  Resource: win7-20240419-en
Behavioral task: behavioral2
  Sample: MT STENA IMPRESSION Vessel Particulars.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: valleycountysar.org
Port: 26
Username: [email protected]
Password: fY,FLoadtsiF
http://103.130.147.85
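The extracted configuration gives three network indicators worth hunting for (the SMTP host, the non-standard SMTP port 26, and the HTTP address) plus the file hashes above. The following is an added example, not part of the sandbox report: it matches those indicators against log lines in a simplified, space-separated conn/DNS format invented for the example (the log lines and the resolved address 203.0.113.40 are constructed), and checks a byte string against the report's MD5/SHA1/SHA256 (SSDEEP is omitted because it needs the ssdeep library).

```python
import hashlib

# Network indicators taken from the extracted configuration in the report.
EXFIL_SMTP_HOST = "valleycountysar.org"
EXFIL_SMTP_PORT = 26
CONFIG_HTTP_IP = "103.130.147.85"

# File hashes from the report (stdlib-computable ones only).
SAMPLE_HASHES = {
    "md5": "745ddafbe88e9222832618288e202d5f",
    "sha1": "cb937901a71340f77831dfdc60f0c658cef6f71a",
    "sha256": "a4ea9049487be50f0c289557af2913d5d4202e3dbeda1355d03dc65561085407",
}

# Constructed sample log (invented format for this example):
#   <ts> <kind> <src_ip> <dst_ip> <dst_port> <proto-or-query>
# kind is "conn" for a flow and "dns" for a query. 203.0.113.40 is a
# hypothetical resolved address, not a value from the report.
SAMPLE_LOG = """\
2024-06-22T10:01:03Z conn 10.0.0.15 142.250.74.46 443 tcp
2024-06-22T10:01:09Z dns 10.0.0.15 10.0.0.2 53 valleycountysar.org
2024-06-22T10:01:10Z conn 10.0.0.15 203.0.113.40 26 tcp
2024-06-22T10:02:30Z conn 10.0.0.15 103.130.147.85 80 tcp
2024-06-22T10:03:00Z conn 10.0.0.22 198.51.100.9 25 tcp
2024-06-22T10:03:05Z dns 10.0.0.22 10.0.0.2 53 mail.example.com
"""


def match_line(line: str) -> list[str]:
    """Return the reasons one log line matches the report's indicators ([] if none)."""
    parts = line.split()
    if len(parts) != 6:
        return []  # malformed/noise line: skip instead of crashing the hunt
    _ts, kind, _src, dst_ip, dst_port, detail = parts
    reasons = []
    if kind == "dns" and detail.lower().rstrip(".") == EXFIL_SMTP_HOST:
        reasons.append(f"DNS query for exfil SMTP host {EXFIL_SMTP_HOST}")
    if kind == "conn":
        if dst_ip == CONFIG_HTTP_IP:
            reasons.append(f"connection to address from config {CONFIG_HTTP_IP}")
        if detail == "tcp" and dst_port == str(EXFIL_SMTP_PORT):
            reasons.append(f"outbound TCP to non-standard SMTP port {EXFIL_SMTP_PORT}")
    return reasons


def scan_log(text: str) -> list[tuple[int, str, list[str]]]:
    """Scan a whole log; return (line_number, line, reasons) for every hit."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        reasons = match_line(line)
        if reasons:
            hits.append((n, line, reasons))
    return hits


def hash_bytes(data: bytes) -> dict[str, str]:
    """Compute the same digests the report lists, keyed by algorithm name."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def matches_sample(data: bytes) -> list[str]:
    """Names of the algorithms whose digest of data equals the report's sample hash."""
    computed = hash_bytes(data)
    return [name for name, expected in SAMPLE_HASHES.items() if computed[name] == expected]


if __name__ == "__main__":
    for n, line, reasons in scan_log(SAMPLE_LOG):
        print(f"line {n}: {line}\n  -> {'; '.join(reasons)}")
    with open(__file__, "rb") as fh:  # any file; this script will not match
        print("hash match:", matches_sample(fh.read()) or "none")
```

Port 26 alone is a weak indicator (some mail hosts use it as an alternative submission port), so treat the port hit as supporting evidence and weight the DNS lookup of the configured host and the configured address more heavily; in real telemetry join the flow with the preceding DNS answer rather than relying on a fixed resolved IP.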
Targets
Target: MT STENA IMPRESSION Vessel Particulars.exe
Score: 10/10
Signatures:
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext: setting another thread's context is a common final step of injecting a payload into a suspended process (as in process hollowing), so the in-memory payload may differ from the file on disk.