General
Target: MT STENA IMPRESSION Vessel Particulars.exe
Size: 557KB
Sample: 240625-mydntsybpr
MD5: c6be69441366e75b3df4a9cea4c7545b
SHA1: 26fa365d7607606558bed622bac78ac5c90aed3a
SHA256: 1dbb7ac85b473b9e0cc79d2a523e88d98586642e60f3f9b21ba96fd73a1b6703
SHA512: f15af4c55775dd8623eac9dcc7b85ac29303ec3df056ac237d76e4c9cee513934de483e44f3187940a009c7dc358ff8d5b6f5d624903b5ae8f2e2a98d3d393cb
SSDEEP: 6144:kdiYBgjxxn1bbti1rMlNPOfgxF9Ld3Bo0f5ofnv+SsR7mO9dsGytWjqbAiZ8Xy7F:kajzn9dRVEvaR7l9dVO
Static task: static1
Behavioral task: behavioral1
Sample: MT STENA IMPRESSION Vessel Particulars.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: MT STENA IMPRESSION Vessel Particulars.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted family: snakekeylogger
Protocol: smtp
Host: valleycountysar.org
Port: 26
Username: [email protected]
Password: fY,FLoadtsiF
Targets
Target: MT STENA IMPRESSION Vessel Particulars.exe
Score: 10/10
Signatures:
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext