Edit tour

Windows Analysis Report
MT Marine Tiger.exe

Overview

General Information

Sample name:	MT Marine Tiger.exe
Analysis ID:	1455418
MD5:	730e2e475c3e7bb87ca8e53f7f31cfdf
SHA1:	dc2b601e25719862f02be67becc9e499ad97d5ab
SHA256:	faebc09f47203bbe599ac368f12622f38255e957d1435e6763c80bf2ebd988bf
Tags:	exeSnakeKeylogger
Infos:

Detection

Snake Keylogger

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected AntiVM3

Yara detected Snake Keylogger

.NET source code references suspicious native API functions

AI detected suspicious sample

Machine Learning detection for sample

Tries to detect the country of the analysis system (by using the IP)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Yara detected Generic Downloader

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May check the online IP address of the machine

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Uses insecure TLS / SSL version for HTTPS connection

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

MT Marine Tiger.exe (PID: 5968 cmdline: "C:\Users\user\Desktop\MT Marine Tiger.exe" MD5: 730E2E475C3E7BB87CA8E53F7F31CFDF)

MT Marine Tiger.exe (PID: 2584 cmdline: "C:\Users\user\Desktop\MT Marine Tiger.exe" MD5: 730E2E475C3E7BB87CA8E53F7F31CFDF)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
404 Keylogger, Snake Keylogger	Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victims sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.	No Attribution	https://any.run/cybersecurity-blog/analyzing-snake-keylogger/ https://any.run/cybersecurity-blog/reverse-engineering-snake-keylogger/ https://blog.netlab.360.com/purecrypter https://blog.nviso.eu/2022/04/06/analyzing-a-multilayer-maldoc-a-beginners-guide/ https://blogs.blackberry.com/en/2022/05/dot-net-stubs-sowing-the-seeds-of-discord	https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger

Malware Configuration

Threatname: Snake Keylogger

{"Exfil Mode": "SMTP", "Username": "rightlut@valleycountysar.org", "Password": "fY,FLoadtsiF", "Host": "valleycountysar.org", "Port": "26"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000002.00000002.3710301121.0000000000812000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000002.00000002.3710301121.0000000000812000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000002.00000002.3710301121.0000000000812000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x14781:$a1: get_encryptedPassword 0x14a77:$a2: get_encryptedUsername 0x1458d:$a3: get_timePasswordChanged 0x14688:$a4: get_passwordField 0x14797:$a5: set_encryptedPassword 0x15da1:$a7: get_logins 0x15d04:$a10: KeyLoggerEventArgs 0x1599d:$a11: KeyLoggerEventArgsEventHandler
00000002.00000002.3710301121.0000000000812000.00000040.00000400.00020000.00000000.sdmp	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x18128:$x1: $%SMTPDV$ 0x1818e:$x2: $#TheHashHere%& 0x197b7:$x3: %FTPDV$ 0x198ab:$x4: $%TelegramDv$ 0x1599d:$x5: KeyLoggerEventArgs 0x15d04:$x5: KeyLoggerEventArgs 0x197db:$m2: Clipboard Logs ID 0x199a7:$m2: Screenshot Logs ID 0x19a73:$m2: keystroke Logs ID 0x1997f:$m4: \SnakeKeylogger\
00000000.00000002.1255274619.0000000005480000.00000004.08000000.00040000.00000000.sdmp	MALWARE_Win_DLInjector02	Detects downloader injector	ditekSHen	0x4aa6b:$x1: In$J$ct0r
00000002.00000002.3725046193.0000000002A08000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000000.00000002.1254671742.0000000003C79000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.1254671742.0000000003C79000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000000.00000002.1254671742.0000000003C79000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0xf2f91:$a1: get_encryptedPassword 0x1137c1:$a1: get_encryptedPassword 0x133de1:$a1: get_encryptedPassword 0xf3287:$a2: get_encryptedUsername 0x113ab7:$a2: get_encryptedUsername 0x1340d7:$a2: get_encryptedUsername 0xf2d9d:$a3: get_timePasswordChanged 0x1135cd:$a3: get_timePasswordChanged 0x133bed:$a3: get_timePasswordChanged 0xf2e98:$a4: get_passwordField 0x1136c8:$a4: get_passwordField 0x133ce8:$a4: get_passwordField 0xf2fa7:$a5: set_encryptedPassword 0x1137d7:$a5: set_encryptedPassword 0x133df7:$a5: set_encryptedPassword 0xf45b1:$a7: get_logins 0x114de1:$a7: get_logins 0x135401:$a7: get_logins 0xf4514:$a10: KeyLoggerEventArgs 0x114d44:$a10: KeyLoggerEventArgs 0x135364:$a10: KeyLoggerEventArgs
00000000.00000002.1254671742.0000000003C79000.00000004.00000800.00020000.00000000.sdmp	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0xf6938:$x1: $%SMTPDV$ 0x117168:$x1: $%SMTPDV$ 0x137788:$x1: $%SMTPDV$ 0xf699e:$x2: $#TheHashHere%& 0x1171ce:$x2: $#TheHashHere%& 0x1377ee:$x2: $#TheHashHere%& 0xf7fc7:$x3: %FTPDV$ 0x1187f7:$x3: %FTPDV$ 0x138e17:$x3: %FTPDV$ 0xf80bb:$x4: $%TelegramDv$ 0x1188eb:$x4: $%TelegramDv$ 0x138f0b:$x4: $%TelegramDv$ 0xf41ad:$x5: KeyLoggerEventArgs 0xf4514:$x5: KeyLoggerEventArgs 0x1149dd:$x5: KeyLoggerEventArgs 0x114d44:$x5: KeyLoggerEventArgs 0x134ffd:$x5: KeyLoggerEventArgs 0x135364:$x5: KeyLoggerEventArgs 0xf7feb:$m2: Clipboard Logs ID 0xf81b7:$m2: Screenshot Logs ID 0xf8283:$m2: keystroke Logs ID
00000002.00000002.3725046193.0000000002841000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
Process Memory Space: MT Marine Tiger.exe PID: 5968	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: MT Marine Tiger.exe PID: 5968	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: MT Marine Tiger.exe PID: 5968	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
Process Memory Space: MT Marine Tiger.exe PID: 5968	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x53926:$a1: get_encryptedPassword 0x53b7b:$a2: get_encryptedUsername 0x53755:$a3: get_timePasswordChanged 0x53837:$a4: get_passwordField 0x5393c:$a5: set_encryptedPassword 0x55753:$a7: get_logins 0x556d4:$a10: KeyLoggerEventArgs 0x55470:$a11: KeyLoggerEventArgsEventHandler
Process Memory Space: MT Marine Tiger.exe PID: 5968	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x55470:$x5: KeyLoggerEventArgs 0x556d4:$x5: KeyLoggerEventArgs 0x55eff:$x5: KeyLoggerEventArgs 0x56233:$x5: KeyLoggerEventArgs 0x5779f:$m2: Clipboard Logs ID 0x5787f:$m2: Screenshot Logs ID 0x578b3:$m2: keystroke Logs ID 0x5786b:$m4: \SnakeKeylogger\
Process Memory Space: MT Marine Tiger.exe PID: 2584	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: MT Marine Tiger.exe PID: 2584	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
Process Memory Space: MT Marine Tiger.exe PID: 2584	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x1f429:$a1: get_encryptedPassword 0x1f715:$a2: get_encryptedUsername 0x1f23f:$a3: get_timePasswordChanged 0x1f33a:$a4: get_passwordField 0x1f43f:$a5: set_encryptedPassword 0x2185d:$a7: get_logins 0x217c0:$a10: KeyLoggerEventArgs 0x21459:$a11: KeyLoggerEventArgsEventHandler
Process Memory Space: MT Marine Tiger.exe PID: 2584	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x21459:$x5: KeyLoggerEventArgs 0x217c0:$x5: KeyLoggerEventArgs 0x220ae:$x5: KeyLoggerEventArgs 0x223e2:$x5: KeyLoggerEventArgs 0x239d6:$m2: Clipboard Logs ID 0x23ab6:$m2: Screenshot Logs ID 0x23aea:$m2: keystroke Logs ID 0x23aa2:$m4: \SnakeKeylogger\
Click to see the 15 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.MT Marine Tiger.exe.5480000.5.raw.unpack	MALWARE_Win_DLInjector02	Detects downloader injector	ditekSHen	0x4aa6b:$x1: In$J$ct0r
0.2.MT Marine Tiger.exe.5480000.5.unpack	MALWARE_Win_DLInjector02	Detects downloader injector	ditekSHen	0x48c6b:$x1: In$J$ct0r
0.2.MT Marine Tiger.exe.3cc7b70.2.unpack	MALWARE_Win_DLInjector02	Detects downloader injector	ditekSHen	0x48c6b:$x1: In$J$ct0r
2.2.MT Marine Tiger.exe.810000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
2.2.MT Marine Tiger.exe.810000.0.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
2.2.MT Marine Tiger.exe.810000.0.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
2.2.MT Marine Tiger.exe.810000.0.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x14981:$a1: get_encryptedPassword 0x14c77:$a2: get_encryptedUsername 0x1478d:$a3: get_timePasswordChanged 0x14888:$a4: get_passwordField 0x14997:$a5: set_encryptedPassword 0x15fa1:$a7: get_logins 0x15f04:$a10: KeyLoggerEventArgs 0x15b9d:$a11: KeyLoggerEventArgsEventHandler
2.2.MT Marine Tiger.exe.810000.0.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1c297:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x1b4c9:$a3: \Google\Chrome\User Data\Default\Login Data 0x1b8fc:$a4: \Orbitum\User Data\Default\Login Data 0x1c93b:$a5: \Kometa\User Data\Default\Login Data
2.2.MT Marine Tiger.exe.810000.0.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x1552a:$s1: UnHook 0x15531:$s2: SetHook 0x15539:$s3: CallNextHook 0x15546:$s4: _hook
2.2.MT Marine Tiger.exe.810000.0.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x18328:$x1: $%SMTPDV$ 0x1838e:$x2: $#TheHashHere%& 0x199b7:$x3: %FTPDV$ 0x19aab:$x4: $%TelegramDv$ 0x15b9d:$x5: KeyLoggerEventArgs 0x15f04:$x5: KeyLoggerEventArgs 0x199db:$m2: Clipboard Logs ID 0x19ba7:$m2: Screenshot Logs ID 0x19c73:$m2: keystroke Logs ID 0x19b7f:$m4: \SnakeKeylogger\
0.2.MT Marine Tiger.exe.3d57610.3.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.MT Marine Tiger.exe.3d57610.3.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
0.2.MT Marine Tiger.exe.3d77e40.4.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.MT Marine Tiger.exe.3d57610.3.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x12b81:$a1: get_encryptedPassword 0x12e77:$a2: get_encryptedUsername 0x1298d:$a3: get_timePasswordChanged 0x12a88:$a4: get_passwordField 0x12b97:$a5: set_encryptedPassword 0x141a1:$a7: get_logins 0x14104:$a10: KeyLoggerEventArgs 0x13d9d:$a11: KeyLoggerEventArgsEventHandler
0.2.MT Marine Tiger.exe.3d77e40.4.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
0.2.MT Marine Tiger.exe.3d57610.3.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1a497:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x196c9:$a3: \Google\Chrome\User Data\Default\Login Data 0x19afc:$a4: \Orbitum\User Data\Default\Login Data 0x1ab3b:$a5: \Kometa\User Data\Default\Login Data
0.2.MT Marine Tiger.exe.3d77e40.4.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x12b81:$a1: get_encryptedPassword 0x12e77:$a2: get_encryptedUsername 0x1298d:$a3: get_timePasswordChanged 0x12a88:$a4: get_passwordField 0x12b97:$a5: set_encryptedPassword 0x141a1:$a7: get_logins 0x14104:$a10: KeyLoggerEventArgs 0x13d9d:$a11: KeyLoggerEventArgsEventHandler
0.2.MT Marine Tiger.exe.3d57610.3.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x1372a:$s1: UnHook 0x13731:$s2: SetHook 0x13739:$s3: CallNextHook 0x13746:$s4: _hook
0.2.MT Marine Tiger.exe.3d57610.3.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x16528:$x1: $%SMTPDV$ 0x1658e:$x2: $#TheHashHere%& 0x17bb7:$x3: %FTPDV$ 0x17cab:$x4: $%TelegramDv$ 0x13d9d:$x5: KeyLoggerEventArgs 0x14104:$x5: KeyLoggerEventArgs 0x17bdb:$m2: Clipboard Logs ID 0x17da7:$m2: Screenshot Logs ID 0x17e73:$m2: keystroke Logs ID 0x17d7f:$m4: \SnakeKeylogger\
0.2.MT Marine Tiger.exe.3d77e40.4.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1a497:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x196c9:$a3: \Google\Chrome\User Data\Default\Login Data 0x19afc:$a4: \Orbitum\User Data\Default\Login Data 0x1ab3b:$a5: \Kometa\User Data\Default\Login Data
0.2.MT Marine Tiger.exe.3d77e40.4.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x1372a:$s1: UnHook 0x13731:$s2: SetHook 0x13739:$s3: CallNextHook 0x13746:$s4: _hook
0.2.MT Marine Tiger.exe.3d77e40.4.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x16528:$x1: $%SMTPDV$ 0x1658e:$x2: $#TheHashHere%& 0x17bb7:$x3: %FTPDV$ 0x17cab:$x4: $%TelegramDv$ 0x13d9d:$x5: KeyLoggerEventArgs 0x14104:$x5: KeyLoggerEventArgs 0x17bdb:$m2: Clipboard Logs ID 0x17da7:$m2: Screenshot Logs ID 0x17e73:$m2: keystroke Logs ID 0x17d7f:$m4: \SnakeKeylogger\
0.2.MT Marine Tiger.exe.2cca430.1.raw.unpack	MALWARE_Win_DLInjector02	Detects downloader injector	ditekSHen	0xa20dc:$x1: In$J$ct0r 0xa30a0:$a1: WriteProcessMemory 0xa312c:$a1: WriteProcessMemory 0xa3200:$a4: VirtualAllocEx 0xa3424:$a4: VirtualAllocEx 0xa34a4:$a4: VirtualAllocEx
0.2.MT Marine Tiger.exe.2cc7bf0.0.raw.unpack	MALWARE_Win_DLInjector02	Detects downloader injector	ditekSHen	0xa491c:$x1: In$J$ct0r 0xa58e0:$a1: WriteProcessMemory 0xa596c:$a1: WriteProcessMemory 0xa5a40:$a4: VirtualAllocEx 0xa5c64:$a4: VirtualAllocEx 0xa5ce4:$a4: VirtualAllocEx
0.2.MT Marine Tiger.exe.3d77e40.4.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.MT Marine Tiger.exe.3d77e40.4.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.MT Marine Tiger.exe.3d77e40.4.raw.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
0.2.MT Marine Tiger.exe.3d77e40.4.raw.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x14981:$a1: get_encryptedPassword 0x34fa1:$a1: get_encryptedPassword 0x14c77:$a2: get_encryptedUsername 0x35297:$a2: get_encryptedUsername 0x1478d:$a3: get_timePasswordChanged 0x34dad:$a3: get_timePasswordChanged 0x14888:$a4: get_passwordField 0x34ea8:$a4: get_passwordField 0x14997:$a5: set_encryptedPassword 0x34fb7:$a5: set_encryptedPassword 0x15fa1:$a7: get_logins 0x365c1:$a7: get_logins 0x15f04:$a10: KeyLoggerEventArgs 0x36524:$a10: KeyLoggerEventArgs 0x15b9d:$a11: KeyLoggerEventArgsEventHandler 0x361bd:$a11: KeyLoggerEventArgsEventHandler
0.2.MT Marine Tiger.exe.3d77e40.4.raw.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1c297:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x3c8b7:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x1b4c9:$a3: \Google\Chrome\User Data\Default\Login Data 0x3bae9:$a3: \Google\Chrome\User Data\Default\Login Data 0x1b8fc:$a4: \Orbitum\User Data\Default\Login Data 0x3bf1c:$a4: \Orbitum\User Data\Default\Login Data 0x1c93b:$a5: \Kometa\User Data\Default\Login Data 0x3cf5b:$a5: \Kometa\User Data\Default\Login Data
0.2.MT Marine Tiger.exe.3d77e40.4.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x1552a:$s1: UnHook 0x35b4a:$s1: UnHook 0x15531:$s2: SetHook 0x35b51:$s2: SetHook 0x15539:$s3: CallNextHook 0x35b59:$s3: CallNextHook 0x15546:$s4: _hook 0x35b66:$s4: _hook
0.2.MT Marine Tiger.exe.3d77e40.4.raw.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x18328:$x1: $%SMTPDV$ 0x38948:$x1: $%SMTPDV$ 0x1838e:$x2: $#TheHashHere%& 0x389ae:$x2: $#TheHashHere%& 0x199b7:$x3: %FTPDV$ 0x39fd7:$x3: %FTPDV$ 0x19aab:$x4: $%TelegramDv$ 0x3a0cb:$x4: $%TelegramDv$ 0x15b9d:$x5: KeyLoggerEventArgs 0x15f04:$x5: KeyLoggerEventArgs 0x361bd:$x5: KeyLoggerEventArgs 0x36524:$x5: KeyLoggerEventArgs 0x199db:$m2: Clipboard Logs ID 0x19ba7:$m2: Screenshot Logs ID 0x19c73:$m2: keystroke Logs ID 0x39ffb:$m2: Clipboard Logs ID 0x3a1c7:$m2: Screenshot Logs ID 0x3a293:$m2: keystroke Logs ID 0x19b7f:$m4: \SnakeKeylogger\ 0x3a19f:$m4: \SnakeKeylogger\
0.2.MT Marine Tiger.exe.3d57610.3.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.MT Marine Tiger.exe.3d57610.3.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.MT Marine Tiger.exe.3d57610.3.raw.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
0.2.MT Marine Tiger.exe.3d57610.3.raw.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x14981:$a1: get_encryptedPassword 0x351b1:$a1: get_encryptedPassword 0x557d1:$a1: get_encryptedPassword 0x14c77:$a2: get_encryptedUsername 0x354a7:$a2: get_encryptedUsername 0x55ac7:$a2: get_encryptedUsername 0x1478d:$a3: get_timePasswordChanged 0x34fbd:$a3: get_timePasswordChanged 0x555dd:$a3: get_timePasswordChanged 0x14888:$a4: get_passwordField 0x350b8:$a4: get_passwordField 0x556d8:$a4: get_passwordField 0x14997:$a5: set_encryptedPassword 0x351c7:$a5: set_encryptedPassword 0x557e7:$a5: set_encryptedPassword 0x15fa1:$a7: get_logins 0x367d1:$a7: get_logins 0x56df1:$a7: get_logins 0x15f04:$a10: KeyLoggerEventArgs 0x36734:$a10: KeyLoggerEventArgs 0x56d54:$a10: KeyLoggerEventArgs
0.2.MT Marine Tiger.exe.3d57610.3.raw.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1c297:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x3cac7:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x5d0e7:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x1b4c9:$a3: \Google\Chrome\User Data\Default\Login Data 0x3bcf9:$a3: \Google\Chrome\User Data\Default\Login Data 0x5c319:$a3: \Google\Chrome\User Data\Default\Login Data 0x1b8fc:$a4: \Orbitum\User Data\Default\Login Data 0x3c12c:$a4: \Orbitum\User Data\Default\Login Data 0x5c74c:$a4: \Orbitum\User Data\Default\Login Data 0x1c93b:$a5: \Kometa\User Data\Default\Login Data 0x3d16b:$a5: \Kometa\User Data\Default\Login Data 0x5d78b:$a5: \Kometa\User Data\Default\Login Data
0.2.MT Marine Tiger.exe.3d57610.3.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x1552a:$s1: UnHook 0x35d5a:$s1: UnHook 0x5637a:$s1: UnHook 0x15531:$s2: SetHook 0x35d61:$s2: SetHook 0x56381:$s2: SetHook 0x15539:$s3: CallNextHook 0x35d69:$s3: CallNextHook 0x56389:$s3: CallNextHook 0x15546:$s4: _hook 0x35d76:$s4: _hook 0x56396:$s4: _hook
0.2.MT Marine Tiger.exe.3d57610.3.raw.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x18328:$x1: $%SMTPDV$ 0x38b58:$x1: $%SMTPDV$ 0x59178:$x1: $%SMTPDV$ 0x1838e:$x2: $#TheHashHere%& 0x38bbe:$x2: $#TheHashHere%& 0x591de:$x2: $#TheHashHere%& 0x199b7:$x3: %FTPDV$ 0x3a1e7:$x3: %FTPDV$ 0x5a807:$x3: %FTPDV$ 0x19aab:$x4: $%TelegramDv$ 0x3a2db:$x4: $%TelegramDv$ 0x5a8fb:$x4: $%TelegramDv$ 0x15b9d:$x5: KeyLoggerEventArgs 0x15f04:$x5: KeyLoggerEventArgs 0x363cd:$x5: KeyLoggerEventArgs 0x36734:$x5: KeyLoggerEventArgs 0x569ed:$x5: KeyLoggerEventArgs 0x56d54:$x5: KeyLoggerEventArgs 0x199db:$m2: Clipboard Logs ID 0x19ba7:$m2: Screenshot Logs ID 0x19c73:$m2: keystroke Logs ID
0.2.MT Marine Tiger.exe.3cc7b70.2.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.MT Marine Tiger.exe.3cc7b70.2.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.MT Marine Tiger.exe.3cc7b70.2.raw.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
0.2.MT Marine Tiger.exe.3cc7b70.2.raw.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0xa4421:$a1: get_encryptedPassword 0xc4c51:$a1: get_encryptedPassword 0xe5271:$a1: get_encryptedPassword 0xa4717:$a2: get_encryptedUsername 0xc4f47:$a2: get_encryptedUsername 0xe5567:$a2: get_encryptedUsername 0xa422d:$a3: get_timePasswordChanged 0xc4a5d:$a3: get_timePasswordChanged 0xe507d:$a3: get_timePasswordChanged 0xa4328:$a4: get_passwordField 0xc4b58:$a4: get_passwordField 0xe5178:$a4: get_passwordField 0xa4437:$a5: set_encryptedPassword 0xc4c67:$a5: set_encryptedPassword 0xe5287:$a5: set_encryptedPassword 0xa5a41:$a7: get_logins 0xc6271:$a7: get_logins 0xe6891:$a7: get_logins 0xa59a4:$a10: KeyLoggerEventArgs 0xc61d4:$a10: KeyLoggerEventArgs 0xe67f4:$a10: KeyLoggerEventArgs
0.2.MT Marine Tiger.exe.3cc7b70.2.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0xa4fca:$s1: UnHook 0xc57fa:$s1: UnHook 0xe5e1a:$s1: UnHook 0xa4fd1:$s2: SetHook 0xc5801:$s2: SetHook 0xe5e21:$s2: SetHook 0xa4fd9:$s3: CallNextHook 0xc5809:$s3: CallNextHook 0xe5e29:$s3: CallNextHook 0xa4fe6:$s4: _hook 0xc5816:$s4: _hook 0xe5e36:$s4: _hook
0.2.MT Marine Tiger.exe.3cc7b70.2.raw.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0xa7dc8:$x1: $%SMTPDV$ 0xc85f8:$x1: $%SMTPDV$ 0xe8c18:$x1: $%SMTPDV$ 0xa7e2e:$x2: $#TheHashHere%& 0xc865e:$x2: $#TheHashHere%& 0xe8c7e:$x2: $#TheHashHere%& 0xa9457:$x3: %FTPDV$ 0xc9c87:$x3: %FTPDV$ 0xea2a7:$x3: %FTPDV$ 0xa954b:$x4: $%TelegramDv$ 0xc9d7b:$x4: $%TelegramDv$ 0xea39b:$x4: $%TelegramDv$ 0xa563d:$x5: KeyLoggerEventArgs 0xa59a4:$x5: KeyLoggerEventArgs 0xc5e6d:$x5: KeyLoggerEventArgs 0xc61d4:$x5: KeyLoggerEventArgs 0xe648d:$x5: KeyLoggerEventArgs 0xe67f4:$x5: KeyLoggerEventArgs 0xa947b:$m2: Clipboard Logs ID 0xa9647:$m2: Screenshot Logs ID 0xa9713:$m2: keystroke Logs ID
0.2.MT Marine Tiger.exe.3cc7b70.2.raw.unpack	MALWARE_Win_DLInjector02	Detects downloader injector	ditekSHen	0x4aa6b:$x1: In$J$ct0r
Click to see the 40 entries

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: MT Marine Tiger.exe

Avira: detected

Found malware configuration

Source: 00000002.00000002.3725046193.0000000002841000.00000004.00000800.00020000.00000000.sdmp

Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "SMTP", "Username": "rightlut@valleycountysar.org", "Password": "fY,FLoadtsiF", "Host": "valleycountysar.org", "Port": "26"}

Multi AV Scanner detection for submitted file

Source: MT Marine Tiger.exe

ReversingLabs: Detection: 71%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: MT Marine Tiger.exe

Joe Sandbox ML: detected

Location Tracking

Tries to detect the country of the analysis system (by using the IP)

Source: unknown

DNS query: name: reallyfreegeoip.org

Source: unknown

HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.7:49704 version: TLS 1.0

Source: MT Marine Tiger.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:

Binary string: C:\Users\GT350\source\repos\UpdatedRunpe\UpdatedRunpe\obj\x86\Debug\AQipUvwTwkLZyiCs.pdb source: MT Marine Tiger.exe, 00000000.00000002.1255521425.0000000005620000.00000004.08000000.00040000.00000000.sdmp, MT Marine Tiger.exe, 00000000.00000002.1254296165.0000000002C71000.00000004.00000800.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 4x nop then jmp 00CCF0B5h	2_2_00CCEEC8
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 4x nop then jmp 00CCFA3Fh	2_2_00CCEEC8
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h	2_2_00CCE3E8
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 4x nop then jmp 04E48945h	2_2_04E48608
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 4x nop then jmp 04E47751h	2_2_04E474A8
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 4x nop then jmp 04E40741h	2_2_04E40498
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 4x nop then jmp 04E40FF1h	2_2_04E40D48
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 4x nop then jmp 04E48001h	2_2_04E47D58
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 4x nop then jmp 04E46171h	2_2_04E45EC8
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 4x nop then jmp 04E458C1h	2_2_04E45618
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 4x nop then jmp 04E46A21h	2_2_04E46778
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 4x nop then jmp 04E40B99h	2_2_04E408F0
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 4x nop then jmp 04E402E9h	2_2_04E40040
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 4x nop then jmp 04E472FAh	2_2_04E47050
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 4x nop then jmp 04E48459h	2_2_04E481B0
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 4x nop then jmp 04E45441h	2_2_04E45198
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 4x nop then jmp 04E47BA9h	2_2_04E47900
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 4x nop then jmp 04E45D19h	2_2_04E45A70
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 4x nop then jmp 04E46E79h	2_2_04E46BD0
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 4x nop then lea esp, dword ptr [ebp-04h]	2_2_04E433A8
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 4x nop then lea esp, dword ptr [ebp-04h]	2_2_04E433B8
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 4x nop then jmp 04E465C9h	2_2_04E46320

Networking

Yara detected Generic Downloader

Source: Yara match	File source: 2.2.MT Marine Tiger.exe.810000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.MT Marine Tiger.exe.3d77e40.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.MT Marine Tiger.exe.3d57610.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.MT Marine Tiger.exe.3cc7b70.2.raw.unpack, type: UNPACKEDPE

Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.91 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.91 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.91 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.91 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.91 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.91 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.91 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive

Source: Joe Sandbox View	IP Address: 132.226.8.169 132.226.8.169
Source: Joe Sandbox View	IP Address: 188.114.97.3 188.114.97.3
Source: Joe Sandbox View	IP Address: 188.114.97.3 188.114.97.3

Source: Joe Sandbox View

ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: Joe Sandbox View

JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad

Source: unknown	DNS query: name: checkip.dyndns.org
Source: unknown	DNS query: name: checkip.dyndns.org
Source: unknown	DNS query: name: reallyfreegeoip.org

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive

Source: unknown

HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.7:49704 version: TLS 1.0

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.91 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.91 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.91 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.91 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.91 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.91 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/173.254.250.91 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive

Source: global traffic	DNS traffic detected: DNS query: checkip.dyndns.org
Source: global traffic	DNS traffic detected: DNS query: reallyfreegeoip.org

Source: MT Marine Tiger.exe, 00000000.00000002.1254671742.0000000003C79000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002841000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3710301121.0000000000812000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://103.130.147.85
Source: MT Marine Tiger.exe, 00000002.00000002.3725046193.00000000029F2000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.00000000029A8000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.00000000029B6000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002908000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002997000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.com
Source: MT Marine Tiger.exe, 00000002.00000002.3725046193.00000000029F2000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.00000000029A8000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.00000000029D1000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.00000000029B6000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002908000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.00000000028F5000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002946000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002997000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org
Source: MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002841000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org/
Source: MT Marine Tiger.exe, 00000000.00000002.1254671742.0000000003C79000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3710301121.0000000000812000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org/q
Source: MT Marine Tiger.exe, 00000002.00000002.3725046193.00000000029F2000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.00000000029A8000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.00000000029B6000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002920000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002997000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://reallyfreegeoip.org
Source: MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002841000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: MT Marine Tiger.exe, 00000002.00000002.3725046193.00000000029F2000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.00000000029A8000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.00000000029B6000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002908000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002946000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002997000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org
Source: MT Marine Tiger.exe, 00000000.00000002.1254671742.0000000003C79000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3710301121.0000000000812000.00000040.00000400.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002908000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org/xml/
Source: MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002997000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org/xml/173.254.250.91
Source: MT Marine Tiger.exe, 00000002.00000002.3725046193.00000000029F2000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.00000000029A8000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.00000000029B6000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002946000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002997000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org/xml/173.254.250.91$

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713

System Summary

Malicious sample detected (through community Yara rule)

Source: 0.2.MT Marine Tiger.exe.5480000.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detects downloader injector Author: ditekSHen
Source: 0.2.MT Marine Tiger.exe.5480000.5.unpack, type: UNPACKEDPE	Matched rule: Detects downloader injector Author: ditekSHen
Source: 0.2.MT Marine Tiger.exe.3cc7b70.2.unpack, type: UNPACKEDPE	Matched rule: Detects downloader injector Author: ditekSHen
Source: 2.2.MT Marine Tiger.exe.810000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 2.2.MT Marine Tiger.exe.810000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 2.2.MT Marine Tiger.exe.810000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 2.2.MT Marine Tiger.exe.810000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.MT Marine Tiger.exe.3d57610.3.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.MT Marine Tiger.exe.3d57610.3.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.MT Marine Tiger.exe.3d77e40.4.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.MT Marine Tiger.exe.3d57610.3.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.MT Marine Tiger.exe.3d57610.3.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.MT Marine Tiger.exe.3d77e40.4.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.MT Marine Tiger.exe.3d77e40.4.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.MT Marine Tiger.exe.3d77e40.4.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.MT Marine Tiger.exe.2cca430.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects downloader injector Author: ditekSHen
Source: 0.2.MT Marine Tiger.exe.2cc7bf0.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects downloader injector Author: ditekSHen
Source: 0.2.MT Marine Tiger.exe.3d77e40.4.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.MT Marine Tiger.exe.3d77e40.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.MT Marine Tiger.exe.3d77e40.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.MT Marine Tiger.exe.3d77e40.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.MT Marine Tiger.exe.3d57610.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.MT Marine Tiger.exe.3d57610.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.MT Marine Tiger.exe.3d57610.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.MT Marine Tiger.exe.3d57610.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.MT Marine Tiger.exe.3cc7b70.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.MT Marine Tiger.exe.3cc7b70.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.MT Marine Tiger.exe.3cc7b70.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.MT Marine Tiger.exe.3cc7b70.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects downloader injector Author: ditekSHen
Source: 00000002.00000002.3710301121.0000000000812000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 00000002.00000002.3710301121.0000000000812000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 00000000.00000002.1255274619.0000000005480000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detects downloader injector Author: ditekSHen
Source: 00000000.00000002.1254671742.0000000003C79000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 00000000.00000002.1254671742.0000000003C79000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: Process Memory Space: MT Marine Tiger.exe PID: 5968, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: Process Memory Space: MT Marine Tiger.exe PID: 5968, type: MEMORYSTR	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: Process Memory Space: MT Marine Tiger.exe PID: 2584, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: Process Memory Space: MT Marine Tiger.exe PID: 2584, type: MEMORYSTR	Matched rule: Detects Snake Keylogger Author: ditekSHen

Source: C:\Users\user\Desktop\MT Marine Tiger.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 0_2_012DF6D0	0_2_012DF6D0
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 0_2_012DD3DC	0_2_012DD3DC
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 0_2_012DF6C0	0_2_012DF6C0
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_00CCC1F0	2_2_00CCC1F0
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_00CC6168	2_2_00CC6168
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_00CCB388	2_2_00CCB388
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_00CCC4D0	2_2_00CCC4D0
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_00CC6790	2_2_00CC6790
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_00CCC7B1	2_2_00CCC7B1
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_00CC98B8	2_2_00CC98B8
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_00CC4B31	2_2_00CC4B31
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_00CCBC32	2_2_00CCBC32
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_00CCCDB1	2_2_00CCCDB1
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_00CCEEC8	2_2_00CCEEC8
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_00CCE3D9	2_2_00CCE3D9
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_00CCE3E8	2_2_00CCE3E8
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_00CC35C8	2_2_00CC35C8
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_00CCB552	2_2_00CCB552
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E4A408	2_2_04E4A408
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E4BD38	2_2_04E4BD38
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E4B6E8	2_2_04E4B6E8
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E4D670	2_2_04E4D670
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E48608	2_2_04E48608
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E4B0A0	2_2_04E4B0A0
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E4D028	2_2_04E4D028
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E4C9D8	2_2_04E4C9D8
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E411A0	2_2_04E411A0
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E4AA58	2_2_04E4AA58
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E4C388	2_2_04E4C388
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E48B58	2_2_04E48B58
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E474A8	2_2_04E474A8
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E40488	2_2_04E40488
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E47497	2_2_04E47497
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E40498	2_2_04E40498
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E44430	2_2_04E44430
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E485F8	2_2_04E485F8
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E40D48	2_2_04E40D48
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E47D48	2_2_04E47D48
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E47D58	2_2_04E47D58
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E4BD30	2_2_04E4BD30
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E40D39	2_2_04E40D39
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E45EC8	2_2_04E45EC8
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E4B6D9	2_2_04E4B6D9
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E45EB8	2_2_04E45EB8
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E4D668	2_2_04E4D668
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E45609	2_2_04E45609
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E45618	2_2_04E45618
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E4676B	2_2_04E4676B
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E46778	2_2_04E46778
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E43730	2_2_04E43730
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E408E0	2_2_04E408E0
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E408F0	2_2_04E408F0
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E478F0	2_2_04E478F0
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E40040	2_2_04E40040
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E47040	2_2_04E47040
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E47050	2_2_04E47050
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E42807	2_2_04E42807
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E40013	2_2_04E40013
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E42818	2_2_04E42818
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E4D018	2_2_04E4D018
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E4C9C8	2_2_04E4C9C8
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E481A0	2_2_04E481A0
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E481B0	2_2_04E481B0
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E45198	2_2_04E45198
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E47900	2_2_04E47900
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E45A60	2_2_04E45A60
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E45A70	2_2_04E45A70
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E4AA48	2_2_04E4AA48
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E4A3F8	2_2_04E4A3F8
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E46BC1	2_2_04E46BC1
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E46BD0	2_2_04E46BD0
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E433A8	2_2_04E433A8
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E433B8	2_2_04E433B8
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E4C378	2_2_04E4C378
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E46320	2_2_04E46320
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Code function: 2_2_04E46311	2_2_04E46311

Source: MT Marine Tiger.exe, 00000000.00000000.1246433837.0000000000912000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameAjlep.exe. vs MT Marine Tiger.exe
Source: MT Marine Tiger.exe, 00000000.00000002.1254671742.0000000003C79000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameExample.dll0 vs MT Marine Tiger.exe
Source: MT Marine Tiger.exe, 00000000.00000002.1254671742.0000000003C79000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs MT Marine Tiger.exe
Source: MT Marine Tiger.exe, 00000000.00000002.1255521425.0000000005620000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameAQipUvwTwkLZyiCs.dll: vs MT Marine Tiger.exe
Source: MT Marine Tiger.exe, 00000000.00000002.1253206246.0000000000E6E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs MT Marine Tiger.exe
Source: MT Marine Tiger.exe, 00000000.00000002.1255274619.0000000005480000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameExample.dll0 vs MT Marine Tiger.exe
Source: MT Marine Tiger.exe, 00000000.00000002.1254296165.0000000002C71000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameAQipUvwTwkLZyiCs.dll: vs MT Marine Tiger.exe
Source: MT Marine Tiger.exe, 00000000.00000002.1254296165.0000000002C71000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs MT Marine Tiger.exe
Source: MT Marine Tiger.exe, 00000000.00000002.1254296165.0000000002C71000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMsftEdit.DLL.MUIj% vs MT Marine Tiger.exe
Source: MT Marine Tiger.exe, 00000000.00000002.1254296165.0000000002C71000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename vs MT Marine Tiger.exe
Source: MT Marine Tiger.exe, 00000000.00000002.1254296165.0000000002C71000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: q,\\StringFileInfo\\080904B0\\OriginalFilename vs MT Marine Tiger.exe
Source: MT Marine Tiger.exe, 00000002.00000002.3710301121.0000000000812000.00000040.00000400.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs MT Marine Tiger.exe
Source: MT Marine Tiger.exe, 00000002.00000002.3710187557.00000000005D7000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameUNKNOWN_FILET vs MT Marine Tiger.exe
Source: MT Marine Tiger.exe	Binary or memory string: OriginalFilenameAjlep.exe. vs MT Marine Tiger.exe

Source: 0.2.MT Marine Tiger.exe.5480000.5.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
Source: 0.2.MT Marine Tiger.exe.5480000.5.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
Source: 0.2.MT Marine Tiger.exe.3cc7b70.2.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
Source: 2.2.MT Marine Tiger.exe.810000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 2.2.MT Marine Tiger.exe.810000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 2.2.MT Marine Tiger.exe.810000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 2.2.MT Marine Tiger.exe.810000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.MT Marine Tiger.exe.3d57610.3.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.MT Marine Tiger.exe.3d57610.3.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.MT Marine Tiger.exe.3d77e40.4.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.MT Marine Tiger.exe.3d57610.3.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.MT Marine Tiger.exe.3d57610.3.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.MT Marine Tiger.exe.3d77e40.4.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.MT Marine Tiger.exe.3d77e40.4.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.MT Marine Tiger.exe.3d77e40.4.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.MT Marine Tiger.exe.2cca430.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
Source: 0.2.MT Marine Tiger.exe.2cc7bf0.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
Source: 0.2.MT Marine Tiger.exe.3d77e40.4.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.MT Marine Tiger.exe.3d77e40.4.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.MT Marine Tiger.exe.3d77e40.4.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.MT Marine Tiger.exe.3d77e40.4.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.MT Marine Tiger.exe.3d57610.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.MT Marine Tiger.exe.3d57610.3.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.MT Marine Tiger.exe.3d57610.3.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.MT Marine Tiger.exe.3d57610.3.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.MT Marine Tiger.exe.3cc7b70.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.MT Marine Tiger.exe.3cc7b70.2.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.MT Marine Tiger.exe.3cc7b70.2.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.MT Marine Tiger.exe.3cc7b70.2.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
Source: 00000002.00000002.3710301121.0000000000812000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000002.00000002.3710301121.0000000000812000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 00000000.00000002.1255274619.0000000005480000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
Source: 00000000.00000002.1254671742.0000000003C79000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000000.00000002.1254671742.0000000003C79000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: Process Memory Space: MT Marine Tiger.exe PID: 5968, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Process Memory Space: MT Marine Tiger.exe PID: 5968, type: MEMORYSTR	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: Process Memory Space: MT Marine Tiger.exe PID: 2584, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Process Memory Space: MT Marine Tiger.exe PID: 2584, type: MEMORYSTR	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger

Source: 0.2.MT Marine Tiger.exe.3d57610.3.raw.unpack, -B-.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.MT Marine Tiger.exe.3d57610.3.raw.unpack, -B-.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.MT Marine Tiger.exe.3d57610.3.raw.unpack, ---.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.MT Marine Tiger.exe.3d57610.3.raw.unpack, ---.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.MT Marine Tiger.exe.5480000.5.raw.unpack, DarkListView.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.MT Marine Tiger.exe.3cc7b70.2.raw.unpack, DarkListView.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.MT Marine Tiger.exe.3d77e40.4.raw.unpack, -B-.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.MT Marine Tiger.exe.3d77e40.4.raw.unpack, -B-.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.MT Marine Tiger.exe.3d77e40.4.raw.unpack, ---.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.MT Marine Tiger.exe.3d77e40.4.raw.unpack, ---.cs	Cryptographic APIs: 'TransformFinalBlock'

Source: 0.2.MT Marine Tiger.exe.5480000.5.raw.unpack, DarkComboBox.cs	Base64 encoded string: 'Uwm+UuKGd614I69RzLI93aXq8M4plP4Fl8XGnAA54HkS/0jMOBsYAdDU3ufQvFFjYZJP0JeYZcnDYanLTNfb9IJuC/u1be1KdJkORevGYuzVlkHzJtU9FNAhjxyJAuY/'
Source: 0.2.MT Marine Tiger.exe.3cc7b70.2.raw.unpack, DarkComboBox.cs	Base64 encoded string: 'Uwm+UuKGd614I69RzLI93aXq8M4plP4Fl8XGnAA54HkS/0jMOBsYAdDU3ufQvFFjYZJP0JeYZcnDYanLTNfb9IJuC/u1be1KdJkORevGYuzVlkHzJtU9FNAhjxyJAuY/'

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@3/1@2/2

Source: C:\Users\user\Desktop\MT Marine Tiger.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\MT Marine Tiger.exe.log

Jump to behavior

Source: C:\Users\user\Desktop\MT Marine Tiger.exe

Mutant created: NULL

Source: MT Marine Tiger.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: MT Marine Tiger.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Users\user\Desktop\MT Marine Tiger.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002A98000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002AC0000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3726309278.00000000038CF000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002ACD000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002A7A000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002A8A000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: MT Marine Tiger.exe

ReversingLabs: Detection: 71%

Source: unknown	Process created: C:\Users\user\Desktop\MT Marine Tiger.exe "C:\Users\user\Desktop\MT Marine Tiger.exe"
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process created: C:\Users\user\Desktop\MT Marine Tiger.exe "C:\Users\user\Desktop\MT Marine Tiger.exe"
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process created: C:\Users\user\Desktop\MT Marine Tiger.exe "C:\Users\user\Desktop\MT Marine Tiger.exe"	Jump to behavior

Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Section loaded: msftedit.dll	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Section loaded: dpapi.dll	Jump to behavior

Source: C:\Users\user\Desktop\MT Marine Tiger.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\MT Marine Tiger.exe

File opened: C:\Windows\SysWOW64\MsftEdit.DLL

Jump to behavior

Source: C:\Users\user\Desktop\MT Marine Tiger.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\Desktop\MT Marine Tiger.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Source: MT Marine Tiger.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: MT Marine Tiger.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:

Source: MT Marine Tiger.exe

Static PE information: 0xD3BA803B [Sat Jul 25 14:24:59 2082 UTC]

Source: C:\Users\user\Desktop\MT Marine Tiger.exe

Code function: 0_2_05EFC41D push FFFFFF8Bh; iretd

0_2_05EFC41F

Source: MT Marine Tiger.exe

Static PE information: section name: .text entropy: 7.519921721445499

Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match

File source: Process Memory Space: MT Marine Tiger.exe PID: 5968, type: MEMORYSTR

Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Memory allocated: 12C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Memory allocated: 2C70000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Memory allocated: 4C70000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Memory allocated: CC0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Memory allocated: 2840000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Memory allocated: 2680000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 599875	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 599766	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 599641	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 599516	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 599406	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 599297	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 599188	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 599063	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 598938	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 598817	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 598688	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 598578	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 598469	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 598360	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 598235	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 598110	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 597985	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 597860	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 597735	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 597610	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 597485	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 597360	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 597235	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 597113	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 596985	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 596860	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 596735	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 596610	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 596485	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 596360	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 596235	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 596110	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 595985	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 595860	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 595735	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 595610	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 595485	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 595360	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 595235	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 595110	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 594985	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 594860	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 594735	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 594610	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 594485	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 594360	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 594235	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 594110	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 593985	Jump to behavior

Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Window / User API: threadDelayed 1309			Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Window / User API: threadDelayed 8510			Jump to behavior

Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 6160	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564	Thread sleep time: -26747778906878833s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7568	Thread sleep count: 1309 > 30	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564	Thread sleep time: -599875s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564	Thread sleep time: -599766s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7568	Thread sleep count: 8510 > 30	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564	Thread sleep time: -599641s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564	Thread sleep time: -599516s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564	Thread sleep time: -599406s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564	Thread sleep time: -599297s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564	Thread sleep time: -599188s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564	Thread sleep time: -599063s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564	Thread sleep time: -598938s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564	Thread sleep time: -598817s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564	Thread sleep time: -598688s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564	Thread sleep time: -598578s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564	Thread sleep time: -598469s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564	Thread sleep time: -598360s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564	Thread sleep time: -598235s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564	Thread sleep time: -598110s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564	Thread sleep time: -597985s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564	Thread sleep time: -597860s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564	Thread sleep time: -597735s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564	Thread sleep time: -597610s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564	Thread sleep time: -597485s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564	Thread sleep time: -597360s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564	Thread sleep time: -597235s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564	Thread sleep time: -597113s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564	Thread sleep time: -596985s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564	Thread sleep time: -596860s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564	Thread sleep time: -596735s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564	Thread sleep time: -596610s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564	Thread sleep time: -596485s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564	Thread sleep time: -596360s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564	Thread sleep time: -596235s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564	Thread sleep time: -596110s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564	Thread sleep time: -595985s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564	Thread sleep time: -595860s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564	Thread sleep time: -595735s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564	Thread sleep time: -595610s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564	Thread sleep time: -595485s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564	Thread sleep time: -595360s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564	Thread sleep time: -595235s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564	Thread sleep time: -595110s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564	Thread sleep time: -594985s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564	Thread sleep time: -594860s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564	Thread sleep time: -594735s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564	Thread sleep time: -594610s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564	Thread sleep time: -594485s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564	Thread sleep time: -594360s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564	Thread sleep time: -594235s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564	Thread sleep time: -594110s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564	Thread sleep time: -593985s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 599875	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 599766	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 599641	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 599516	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 599406	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 599297	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 599188	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 599063	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 598938	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 598817	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 598688	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 598578	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 598469	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 598360	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 598235	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 598110	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 597985	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 597860	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 597735	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 597610	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 597485	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 597360	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 597235	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 597113	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 596985	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 596860	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 596735	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 596610	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 596485	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 596360	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 596235	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 596110	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 595985	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 595860	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 595735	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 595610	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 595485	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 595360	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 595235	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 595110	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 594985	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 594860	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 594735	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 594610	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 594485	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 594360	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 594235	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 594110	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Thread delayed: delay time: 593985	Jump to behavior

Source: MT Marine Tiger.exe, 00000002.00000002.3711612625.0000000000A5B000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll a

Source: C:\Users\user\Desktop\MT Marine Tiger.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\MT Marine Tiger.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\MT Marine Tiger.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

.NET source code references suspicious native API functions

Source: 0.2.MT Marine Tiger.exe.2cc7bf0.0.raw.unpack, vTOBOpTyAAvQkvZvwvxLfhLDrUkCOfiQETyyQECGGfUQGE.cs	Reference to suspicious API methods: Marshal.GetDelegateForFunctionPointer(GetProcAddress(LoadLibraryA(ref name), ref method), typeof(CreateApi))
Source: 0.2.MT Marine Tiger.exe.2cc7bf0.0.raw.unpack, vTOBOpTyAAvQkvZvwvxLfhLDrUkCOfiQETyyQECGGfUQGE.cs	Reference to suspicious API methods: Marshal.GetDelegateForFunctionPointer(GetProcAddress(LoadLibraryA(ref name), ref method), typeof(CreateApi))
Source: 0.2.MT Marine Tiger.exe.2cc7bf0.0.raw.unpack, vTOBOpTyAAvQkvZvwvxLfhLDrUkCOfiQETyyQECGGfUQGE.cs	Reference to suspicious API methods: ReadProcessMemory(processInformation.ProcessHandle, num3 + 8, ref buffer, 4, ref bytesRead)

Source: C:\Users\user\Desktop\MT Marine Tiger.exe

Process created: C:\Users\user\Desktop\MT Marine Tiger.exe "C:\Users\user\Desktop\MT Marine Tiger.exe"

Jump to behavior

Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Queries volume information: C:\Users\user\Desktop\MT Marine Tiger.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Queries volume information: C:\Users\user\Desktop\MT Marine Tiger.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\MT Marine Tiger.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected Snake Keylogger

Source: Yara match	File source: 2.2.MT Marine Tiger.exe.810000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.MT Marine Tiger.exe.3d57610.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.MT Marine Tiger.exe.3d77e40.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.MT Marine Tiger.exe.3d77e40.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.MT Marine Tiger.exe.3d57610.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.MT Marine Tiger.exe.3cc7b70.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.3710301121.0000000000812000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.3725046193.0000000002A08000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1254671742.0000000003C79000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.3725046193.0000000002841000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: MT Marine Tiger.exe PID: 5968, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MT Marine Tiger.exe PID: 2584, type: MEMORYSTR

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\MT Marine Tiger.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data			Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data			Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\MT Marine Tiger.exe	File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\			Jump to behavior
Source: C:\Users\user\Desktop\MT Marine Tiger.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676			Jump to behavior

Source: Yara match	File source: 2.2.MT Marine Tiger.exe.810000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.MT Marine Tiger.exe.3d57610.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.MT Marine Tiger.exe.3d77e40.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.MT Marine Tiger.exe.3d77e40.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.MT Marine Tiger.exe.3d57610.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.MT Marine Tiger.exe.3cc7b70.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.3710301121.0000000000812000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1254671742.0000000003C79000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: MT Marine Tiger.exe PID: 5968, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MT Marine Tiger.exe PID: 2584, type: MEMORYSTR

Remote Access Functionality

Yara detected Snake Keylogger

Source: Yara match	File source: 2.2.MT Marine Tiger.exe.810000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.MT Marine Tiger.exe.3d57610.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.MT Marine Tiger.exe.3d77e40.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.MT Marine Tiger.exe.3d77e40.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.MT Marine Tiger.exe.3d57610.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.MT Marine Tiger.exe.3cc7b70.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.3710301121.0000000000812000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.3725046193.0000000002A08000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1254671742.0000000003C79000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.3725046193.0000000002841000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: MT Marine Tiger.exe PID: 5968, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MT Marine Tiger.exe PID: 2584, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Native API	1 DLL Side-Loading	11 Process Injection	1 Masquerading	1 OS Credential Dumping	1 Security Software Discovery	Remote Services	1 Email Collection	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Disable or Modify Tools	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	11 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	31 Virtualization/Sandbox Evasion	Security Account Manager	31 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	1 Data from Local System	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	11 Process Injection	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	13 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	1 System Network Configuration Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	31 Obfuscated Files or Information	Cached Domain Credentials	13 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Software Packing	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 Timestomp	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 DLL Side-Loading	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
MT Marine Tiger.exe	71%	ReversingLabs	ByteCode-MSIL.Spyware.Snakekeylogger
MT Marine Tiger.exe	100%	Avira	HEUR/AGEN.1306843
MT Marine Tiger.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	0%	URL Reputation	safe
http://103.130.147.85	0%	Avira URL Cloud	safe
http://checkip.dyndns.org/q	0%	Avira URL Cloud	safe
https://reallyfreegeoip.org/xml/	0%	Avira URL Cloud	safe
http://checkip.dyndns.org	0%	Avira URL Cloud	safe
http://checkip.dyndns.com	0%	Avira URL Cloud	safe
http://checkip.dyndns.org/	0%	Avira URL Cloud	safe
https://reallyfreegeoip.org/xml/173.254.250.91$	0%	Avira URL Cloud	safe
https://reallyfreegeoip.org/xml/173.254.250.91	0%	Avira URL Cloud	safe
https://reallyfreegeoip.org	0%	Avira URL Cloud	safe
http://reallyfreegeoip.org	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
reallyfreegeoip.org	188.114.97.3	true	true	unknown
checkip.dyndns.com	132.226.8.169	true	false	unknown
checkip.dyndns.org	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://checkip.dyndns.org/	false	Avira URL Cloud: safe	unknown
https://reallyfreegeoip.org/xml/173.254.250.91	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://reallyfreegeoip.org	MT Marine Tiger.exe, 00000002.00000002.3725046193.00000000029F2000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.00000000029A8000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.00000000029B6000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002908000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002946000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002997000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://checkip.dyndns.org	MT Marine Tiger.exe, 00000002.00000002.3725046193.00000000029F2000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.00000000029A8000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.00000000029D1000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.00000000029B6000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002908000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.00000000028F5000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002946000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002997000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://checkip.dyndns.com	MT Marine Tiger.exe, 00000002.00000002.3725046193.00000000029F2000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.00000000029A8000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.00000000029B6000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002908000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002997000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002841000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://reallyfreegeoip.org/xml/173.254.250.91$	MT Marine Tiger.exe, 00000002.00000002.3725046193.00000000029F2000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.00000000029A8000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.00000000029B6000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002946000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002997000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://103.130.147.85	MT Marine Tiger.exe, 00000000.00000002.1254671742.0000000003C79000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002841000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3710301121.0000000000812000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://checkip.dyndns.org/q	MT Marine Tiger.exe, 00000000.00000002.1254671742.0000000003C79000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3710301121.0000000000812000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://reallyfreegeoip.org	MT Marine Tiger.exe, 00000002.00000002.3725046193.00000000029F2000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.00000000029A8000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.00000000029B6000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002920000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002997000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://reallyfreegeoip.org/xml/	MT Marine Tiger.exe, 00000000.00000002.1254671742.0000000003C79000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3710301121.0000000000812000.00000040.00000400.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002908000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
132.226.8.169	checkip.dyndns.com	United States		16989	UTMEMUS	false
188.114.97.3	reallyfreegeoip.org	European Union		13335	CLOUDFLARENETUS	true

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1455418
Start date and time:	2024-06-11 20:11:06 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 38s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	19
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	MT Marine Tiger.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@3/1@2/2
EGA Information:	Successful, ratio: 50%
HCA Information:	Successful, ratio: 98% Number of executed functions: 105 Number of non-executed functions: 22
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target MT Marine Tiger.exe, PID 2584 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
VT rate limit hit for: MT Marine Tiger.exe

Simulations

Behavior and APIs

Time	Type	Description
14:12:04	API Interceptor	9984773x Sleep call for process: MT Marine Tiger.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
132.226.8.169	MT Marine Tiger.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	specification details.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	Vessel Information.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	rGcsbax.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger	Browse	checkip.dyndns.org/
	Vsl particulars Packing list.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	Particulars.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	MV GOLDEN SCHULTE.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	ORDEM DE COMPRA.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	z25BNjJ88767909876500h.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger	Browse	checkip.dyndns.org/
	documents_24.5.13YTKargo.pdf.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger	Browse	checkip.dyndns.org/
188.114.97.3	igcc.exe	Get hash	malicious	FormBook	Browse	www.okbharat.best/976u/?Ktq=EPAdvZ&x0=LcbIMBKHrUlu6g36xJYAjxtTd9FEA5AqBqn1SkrzjOBWV2IrUom/64+35gCpT46aLOm4V6t+Xi15cxz33W19qM3SwyX3pvIwLV8NLR8IhBP5H56WL8wbryU=
	Curriculum Vitae.exe	Get hash	malicious	FormBook	Browse	www.uqdr.cn/yfa0/?ivVh=0WhDsKDlEsw2U2hGDN8VHtGa3OHmwnAep36jQbkxMA/yUt9OY1uk5sHeApFDjZn3CMzAWurlvftixp+c+vBUHrqZNxyOdBfhJs5NvVID/L5N0SuO2A==&Mf7X=qD64
	kfP3Y1Y2Ug.rtf	Get hash	malicious	Lokibot	Browse	alphabetllc.top/alpha/five/fre.php
	Purchase Order.docx.doc	Get hash	malicious	Lokibot	Browse	alphabetllc.top/alpha/five/fre.php
	3hUxV8LEUH.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	securitytransfer.top/EternalSecurebase.php
	OC_20039001.xls	Get hash	malicious	Unknown	Browse	qr-in.com/etLuQLT
	OC_20039001.xls	Get hash	malicious	Unknown	Browse	qr-in.com/etLuQLT
	RFQ_ amesedition.exe	Get hash	malicious	FormBook	Browse	www.gazeta-ufaley.ru/wjr5/
	JDtnp2mcrQvXDeo.exe	Get hash	malicious	FormBook	Browse	www.junongpei.website/cr12/?vR-PWRJ=hbqH0+6cEKSktaOv7h7W3V4Wg/ohMlBc0V5kK/T4Bogen3s03INJcdnv7jcuaOdmhytd&SP=cnE8u2Zp
	example.exe	Get hash	malicious	Unknown	Browse	filetransfer.io/data-package/TbaYPT0S/download

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
reallyfreegeoip.org	Invoice Packing List.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.96.3
	MT Marine Tiger.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.97.3
	CTM USD28600.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.96.3
	Vsl particulars Packing list.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.96.3
	Specification details.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.97.3
	Specification details.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.96.3
	Vsl particulars Packing list.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.96.3
	CTM USD28600.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.96.3
	specification details.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.96.3
	CTM USD28600.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.97.3
checkip.dyndns.com	Invoice Packing List.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.130.0
	MT Marine Tiger.exe	Get hash	malicious	Snake Keylogger	Browse	132.226.8.169
	CTM USD28600.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.130.0
	Vsl particulars Packing list.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.6.168
	Specification details.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.130.0
	Specification details.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.6.168
	Vsl particulars Packing list.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.6.168
	CTM USD28600.exe	Get hash	malicious	Snake Keylogger	Browse	158.101.44.242
	specification details.exe	Get hash	malicious	Snake Keylogger	Browse	132.226.8.169
	CTM USD28600.exe	Get hash	malicious	Snake Keylogger	Browse	132.226.247.73

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	Sales Contract.exe	Get hash	malicious	AgentTesla	Browse	172.67.74.152
	https://shoutout.wix.com/so/c6P07NDxS/c?w=TZKBCXkrVA_LfU5BB-tTV_q5lDeQIvLgoBVjKb-7XVw.eyJ1IjoiaHR0cHM6Ly9mdWxsYmx1bWVmaXRuZXNzYXBpLmNvbS9peXUvb25lZHJpdiIsInIiOiJmNmUzNjM0Ni01MDUyLTQzYjEtODYzMy1hNDBkZTVhNTg3ZmYiLCJtIjoibWFpbCIsImMiOiJlZDQ5ZmRkMC02YjcxLTQ1MjgtODA0ZC1lMzc0N2M4MjZiNmQifQ	Get hash	malicious	HTMLPhisher	Browse	188.114.97.3
	rDHLAWBCOMMERCAILINVOICEANDBILLOFLANDING.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	Payment_confirmation.xls	Get hash	malicious	Unknown	Browse	172.67.135.214
	rPROFORMAINVOICE.exe	Get hash	malicious	AgentTesla	Browse	104.26.12.205
	rRO9Q2235.exe	Get hash	malicious	AgentTesla	Browse	172.67.74.152
	Payment_confirmation.xls	Get hash	malicious	Unknown	Browse	104.21.26.96
	Payment_confirmation.xls	Get hash	malicious	Unknown	Browse	104.21.26.96
	Invoice Packing List.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.96.3
	MT Marine Tiger.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.97.3
UTMEMUS	MT Marine Tiger.exe	Get hash	malicious	Snake Keylogger	Browse	132.226.8.169
	specification details.exe	Get hash	malicious	Snake Keylogger	Browse	132.226.8.169
	CTM USD28600.exe	Get hash	malicious	Snake Keylogger	Browse	132.226.247.73
	Vessel Information.exe	Get hash	malicious	Snake Keylogger	Browse	132.226.8.169
	rGcsbax.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger	Browse	132.226.247.73
	CTM USD28600.exe	Get hash	malicious	Snake Keylogger	Browse	132.226.247.73
	Vsl particulars Packing list.exe	Get hash	malicious	Snake Keylogger	Browse	132.226.8.169
	H63wbLUzEQ.exe	Get hash	malicious	Snake Keylogger	Browse	132.226.247.73
	Particulars.exe	Get hash	malicious	Snake Keylogger	Browse	132.226.8.169
	Vessel parts.exe	Get hash	malicious	Snake Keylogger	Browse	132.226.247.73

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
54328bd36c14bd82ddaa0c04b25ed9ad	Invoice Packing List.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.97.3
	MT Marine Tiger.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.97.3
	CTM USD28600.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.97.3
	Vsl particulars Packing list.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.97.3
	Specification details.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.97.3
	Specification details.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.97.3
	Vsl particulars Packing list.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.97.3
	aou.exe	Get hash	malicious	PXRECVOWEIWOEI Stealer	Browse	188.114.97.3
	opp.exe	Get hash	malicious	PXRECVOWEIWOEI Stealer	Browse	188.114.97.3
	RFQ.js	Get hash	malicious	PXRECVOWEIWOEI Stealer	Browse	188.114.97.3

Process:	C:\Users\user\Desktop\MT Marine Tiger.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1216
Entropy (8bit):	5.34331486778365
Encrypted:	false
SSDEEP:	24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
MD5:	1330C80CAAC9A0FB172F202485E9B1E8
SHA1:	86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
SHA-256:	B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
SHA-512:	75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
Malicious:	true
Reputation:	high, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.506422787849671
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	MT Marine Tiger.exe
File size:	377'344 bytes
MD5:	730e2e475c3e7bb87ca8e53f7f31cfdf
SHA1:	dc2b601e25719862f02be67becc9e499ad97d5ab
SHA256:	faebc09f47203bbe599ac368f12622f38255e957d1435e6763c80bf2ebd988bf
SHA512:	497c564b4463e799043ec0a8f6b6028508f18dc53626853660cc8acf46607bf9b3bec166ac1007a5c0b0ccb80a2af751b7bb794644042e041f2e7c07ba9df8f4
SSDEEP:	6144:n97WboCKnLrtLMY+/KK49Y3zR0NiKF5VEEOuNLBRVMygLc95Bxj4v+avgFjuM:FWboCKLBYiK42RcrGEOuN2rUBxyDgE
TLSH:	3D84D05957882E62D0D7CEBA22F384491532F8731D91D3CA18C5CA8E7B36B8D0D8F796
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...;............."...0.................. ........@.. ....................... ............`................................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x45d7ae
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0xD3BA803B [Sat Jul 25 14:24:59 2082 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x5d754	0x57	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x5e000	0x58e	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x60000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x5b7b4	0x5b800	b8f0db9b356758086f7330be0bf1825a	False	0.6747806736680327	data	7.519921721445499	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x5e000	0x58e	0x600	589a930ced6423ab090dccaccb07e22c	False	0.416015625	data	4.03360829072356	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x60000	0xc	0x200	c33c6073384b5031a5c375e9562a997a	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x5e0a0	0x304	data			0.4365284974093264
RT_MANIFEST	0x5e3a4	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jun 11, 2024 20:12:01.889174938 CEST	49700	80	192.168.2.7	132.226.8.169
Jun 11, 2024 20:12:01.894030094 CEST	80	49700	132.226.8.169	192.168.2.7
Jun 11, 2024 20:12:01.894146919 CEST	49700	80	192.168.2.7	132.226.8.169
Jun 11, 2024 20:12:01.895314932 CEST	49700	80	192.168.2.7	132.226.8.169
Jun 11, 2024 20:12:01.901696920 CEST	80	49700	132.226.8.169	192.168.2.7
Jun 11, 2024 20:12:03.872946978 CEST	80	49700	132.226.8.169	192.168.2.7
Jun 11, 2024 20:12:03.877163887 CEST	49700	80	192.168.2.7	132.226.8.169
Jun 11, 2024 20:12:03.883836985 CEST	80	49700	132.226.8.169	192.168.2.7
Jun 11, 2024 20:12:04.555424929 CEST	80	49700	132.226.8.169	192.168.2.7
Jun 11, 2024 20:12:04.598942995 CEST	49700	80	192.168.2.7	132.226.8.169
Jun 11, 2024 20:12:04.611870050 CEST	49704	443	192.168.2.7	188.114.97.3
Jun 11, 2024 20:12:04.611902952 CEST	443	49704	188.114.97.3	192.168.2.7
Jun 11, 2024 20:12:04.611967087 CEST	49704	443	192.168.2.7	188.114.97.3
Jun 11, 2024 20:12:04.615686893 CEST	49704	443	192.168.2.7	188.114.97.3
Jun 11, 2024 20:12:04.615700960 CEST	443	49704	188.114.97.3	192.168.2.7
Jun 11, 2024 20:12:05.232837915 CEST	443	49704	188.114.97.3	192.168.2.7
Jun 11, 2024 20:12:05.232911110 CEST	49704	443	192.168.2.7	188.114.97.3
Jun 11, 2024 20:12:05.237773895 CEST	49704	443	192.168.2.7	188.114.97.3
Jun 11, 2024 20:12:05.237786055 CEST	443	49704	188.114.97.3	192.168.2.7
Jun 11, 2024 20:12:05.238526106 CEST	443	49704	188.114.97.3	192.168.2.7
Jun 11, 2024 20:12:05.283215046 CEST	49704	443	192.168.2.7	188.114.97.3
Jun 11, 2024 20:12:05.324503899 CEST	443	49704	188.114.97.3	192.168.2.7
Jun 11, 2024 20:12:05.418648958 CEST	443	49704	188.114.97.3	192.168.2.7
Jun 11, 2024 20:12:05.418895960 CEST	443	49704	188.114.97.3	192.168.2.7
Jun 11, 2024 20:12:05.419270039 CEST	49704	443	192.168.2.7	188.114.97.3
Jun 11, 2024 20:12:05.424290895 CEST	49704	443	192.168.2.7	188.114.97.3
Jun 11, 2024 20:12:05.427504063 CEST	49700	80	192.168.2.7	132.226.8.169
Jun 11, 2024 20:12:05.432455063 CEST	80	49700	132.226.8.169	192.168.2.7
Jun 11, 2024 20:12:05.691842079 CEST	80	49700	132.226.8.169	192.168.2.7
Jun 11, 2024 20:12:05.693974972 CEST	49705	443	192.168.2.7	188.114.97.3
Jun 11, 2024 20:12:05.694035053 CEST	443	49705	188.114.97.3	192.168.2.7
Jun 11, 2024 20:12:05.694111109 CEST	49705	443	192.168.2.7	188.114.97.3
Jun 11, 2024 20:12:05.694384098 CEST	49705	443	192.168.2.7	188.114.97.3
Jun 11, 2024 20:12:05.694415092 CEST	443	49705	188.114.97.3	192.168.2.7
Jun 11, 2024 20:12:05.739567995 CEST	49700	80	192.168.2.7	132.226.8.169
Jun 11, 2024 20:12:06.302851915 CEST	443	49705	188.114.97.3	192.168.2.7
Jun 11, 2024 20:12:06.305162907 CEST	49705	443	192.168.2.7	188.114.97.3
Jun 11, 2024 20:12:06.305181026 CEST	443	49705	188.114.97.3	192.168.2.7
Jun 11, 2024 20:12:06.443120003 CEST	443	49705	188.114.97.3	192.168.2.7
Jun 11, 2024 20:12:06.443391085 CEST	443	49705	188.114.97.3	192.168.2.7
Jun 11, 2024 20:12:06.443592072 CEST	49705	443	192.168.2.7	188.114.97.3
Jun 11, 2024 20:12:06.443882942 CEST	49705	443	192.168.2.7	188.114.97.3
Jun 11, 2024 20:12:06.447300911 CEST	49700	80	192.168.2.7	132.226.8.169
Jun 11, 2024 20:12:06.448487997 CEST	49707	80	192.168.2.7	132.226.8.169
Jun 11, 2024 20:12:06.452579021 CEST	80	49700	132.226.8.169	192.168.2.7
Jun 11, 2024 20:12:06.452714920 CEST	49700	80	192.168.2.7	132.226.8.169
Jun 11, 2024 20:12:06.453294039 CEST	80	49707	132.226.8.169	192.168.2.7
Jun 11, 2024 20:12:06.453382969 CEST	49707	80	192.168.2.7	132.226.8.169
Jun 11, 2024 20:12:06.453457117 CEST	49707	80	192.168.2.7	132.226.8.169
Jun 11, 2024 20:12:06.459168911 CEST	80	49707	132.226.8.169	192.168.2.7
Jun 11, 2024 20:12:07.336787939 CEST	80	49707	132.226.8.169	192.168.2.7
Jun 11, 2024 20:12:07.338363886 CEST	49708	443	192.168.2.7	188.114.97.3
Jun 11, 2024 20:12:07.338459969 CEST	443	49708	188.114.97.3	192.168.2.7
Jun 11, 2024 20:12:07.339277983 CEST	49708	443	192.168.2.7	188.114.97.3
Jun 11, 2024 20:12:07.339629889 CEST	49708	443	192.168.2.7	188.114.97.3
Jun 11, 2024 20:12:07.339660883 CEST	443	49708	188.114.97.3	192.168.2.7
Jun 11, 2024 20:12:07.380208015 CEST	49707	80	192.168.2.7	132.226.8.169
Jun 11, 2024 20:12:07.947122097 CEST	443	49708	188.114.97.3	192.168.2.7
Jun 11, 2024 20:12:07.948554993 CEST	49708	443	192.168.2.7	188.114.97.3
Jun 11, 2024 20:12:07.948622942 CEST	443	49708	188.114.97.3	192.168.2.7
Jun 11, 2024 20:12:08.093936920 CEST	443	49708	188.114.97.3	192.168.2.7
Jun 11, 2024 20:12:08.094053984 CEST	443	49708	188.114.97.3	192.168.2.7
Jun 11, 2024 20:12:08.094139099 CEST	49708	443	192.168.2.7	188.114.97.3
Jun 11, 2024 20:12:08.094501972 CEST	49708	443	192.168.2.7	188.114.97.3
Jun 11, 2024 20:12:08.098825932 CEST	49710	80	192.168.2.7	132.226.8.169
Jun 11, 2024 20:12:08.103773117 CEST	80	49710	132.226.8.169	192.168.2.7
Jun 11, 2024 20:12:08.103858948 CEST	49710	80	192.168.2.7	132.226.8.169
Jun 11, 2024 20:12:08.103972912 CEST	49710	80	192.168.2.7	132.226.8.169
Jun 11, 2024 20:12:08.108730078 CEST	80	49710	132.226.8.169	192.168.2.7
Jun 11, 2024 20:12:08.981748104 CEST	80	49710	132.226.8.169	192.168.2.7
Jun 11, 2024 20:12:08.983205080 CEST	49711	443	192.168.2.7	188.114.97.3
Jun 11, 2024 20:12:08.983300924 CEST	443	49711	188.114.97.3	192.168.2.7
Jun 11, 2024 20:12:08.984179020 CEST	49711	443	192.168.2.7	188.114.97.3
Jun 11, 2024 20:12:08.984452009 CEST	49711	443	192.168.2.7	188.114.97.3
Jun 11, 2024 20:12:08.984504938 CEST	443	49711	188.114.97.3	192.168.2.7
Jun 11, 2024 20:12:09.036422014 CEST	49710	80	192.168.2.7	132.226.8.169
Jun 11, 2024 20:12:09.597434998 CEST	443	49711	188.114.97.3	192.168.2.7
Jun 11, 2024 20:12:09.616352081 CEST	49711	443	192.168.2.7	188.114.97.3
Jun 11, 2024 20:12:09.616425991 CEST	443	49711	188.114.97.3	192.168.2.7
Jun 11, 2024 20:12:09.754775047 CEST	443	49711	188.114.97.3	192.168.2.7
Jun 11, 2024 20:12:09.755039930 CEST	443	49711	188.114.97.3	192.168.2.7
Jun 11, 2024 20:12:09.755120993 CEST	49711	443	192.168.2.7	188.114.97.3
Jun 11, 2024 20:12:09.755532026 CEST	49711	443	192.168.2.7	188.114.97.3
Jun 11, 2024 20:12:09.758958101 CEST	49710	80	192.168.2.7	132.226.8.169
Jun 11, 2024 20:12:09.759973049 CEST	49712	80	192.168.2.7	132.226.8.169
Jun 11, 2024 20:12:09.764847994 CEST	80	49712	132.226.8.169	192.168.2.7
Jun 11, 2024 20:12:09.764919996 CEST	49712	80	192.168.2.7	132.226.8.169
Jun 11, 2024 20:12:09.765034914 CEST	49712	80	192.168.2.7	132.226.8.169
Jun 11, 2024 20:12:09.765264034 CEST	80	49710	132.226.8.169	192.168.2.7
Jun 11, 2024 20:12:09.765482903 CEST	49710	80	192.168.2.7	132.226.8.169
Jun 11, 2024 20:12:09.770354986 CEST	80	49712	132.226.8.169	192.168.2.7
Jun 11, 2024 20:12:10.637487888 CEST	80	49712	132.226.8.169	192.168.2.7
Jun 11, 2024 20:12:10.640703917 CEST	49713	443	192.168.2.7	188.114.97.3
Jun 11, 2024 20:12:10.640764952 CEST	443	49713	188.114.97.3	192.168.2.7
Jun 11, 2024 20:12:10.641020060 CEST	49713	443	192.168.2.7	188.114.97.3
Jun 11, 2024 20:12:10.641300917 CEST	49713	443	192.168.2.7	188.114.97.3
Jun 11, 2024 20:12:10.641325951 CEST	443	49713	188.114.97.3	192.168.2.7
Jun 11, 2024 20:12:10.692672968 CEST	49712	80	192.168.2.7	132.226.8.169
Jun 11, 2024 20:12:11.246037006 CEST	443	49713	188.114.97.3	192.168.2.7
Jun 11, 2024 20:12:11.247668982 CEST	49713	443	192.168.2.7	188.114.97.3
Jun 11, 2024 20:12:11.247740984 CEST	443	49713	188.114.97.3	192.168.2.7
Jun 11, 2024 20:12:11.396975040 CEST	443	49713	188.114.97.3	192.168.2.7
Jun 11, 2024 20:12:11.397098064 CEST	443	49713	188.114.97.3	192.168.2.7
Jun 11, 2024 20:12:11.397185087 CEST	49713	443	192.168.2.7	188.114.97.3
Jun 11, 2024 20:12:11.397789955 CEST	49713	443	192.168.2.7	188.114.97.3
Jun 11, 2024 20:12:11.401012897 CEST	49712	80	192.168.2.7	132.226.8.169
Jun 11, 2024 20:12:11.402129889 CEST	49714	80	192.168.2.7	132.226.8.169
Jun 11, 2024 20:12:11.406727076 CEST	80	49712	132.226.8.169	192.168.2.7
Jun 11, 2024 20:12:11.406821966 CEST	49712	80	192.168.2.7	132.226.8.169
Jun 11, 2024 20:12:11.406920910 CEST	80	49714	132.226.8.169	192.168.2.7
Jun 11, 2024 20:12:11.406989098 CEST	49714	80	192.168.2.7	132.226.8.169
Jun 11, 2024 20:12:11.407100916 CEST	49714	80	192.168.2.7	132.226.8.169
Jun 11, 2024 20:12:11.411947012 CEST	80	49714	132.226.8.169	192.168.2.7
Jun 11, 2024 20:12:12.271466017 CEST	80	49714	132.226.8.169	192.168.2.7
Jun 11, 2024 20:12:12.284846067 CEST	49715	443	192.168.2.7	188.114.97.3
Jun 11, 2024 20:12:12.284885883 CEST	443	49715	188.114.97.3	192.168.2.7
Jun 11, 2024 20:12:12.284966946 CEST	49715	443	192.168.2.7	188.114.97.3
Jun 11, 2024 20:12:12.288414001 CEST	49715	443	192.168.2.7	188.114.97.3
Jun 11, 2024 20:12:12.288428068 CEST	443	49715	188.114.97.3	192.168.2.7
Jun 11, 2024 20:12:12.319335938 CEST	49714	80	192.168.2.7	132.226.8.169
Jun 11, 2024 20:12:13.055504084 CEST	443	49715	188.114.97.3	192.168.2.7
Jun 11, 2024 20:12:13.093600988 CEST	49715	443	192.168.2.7	188.114.97.3
Jun 11, 2024 20:12:13.093622923 CEST	443	49715	188.114.97.3	192.168.2.7
Jun 11, 2024 20:12:13.233118057 CEST	443	49715	188.114.97.3	192.168.2.7
Jun 11, 2024 20:12:13.233360052 CEST	443	49715	188.114.97.3	192.168.2.7
Jun 11, 2024 20:12:13.233418941 CEST	49715	443	192.168.2.7	188.114.97.3
Jun 11, 2024 20:12:13.239464045 CEST	49715	443	192.168.2.7	188.114.97.3
Jun 11, 2024 20:12:13.273899078 CEST	49714	80	192.168.2.7	132.226.8.169
Jun 11, 2024 20:12:13.274490118 CEST	49716	80	192.168.2.7	132.226.8.169
Jun 11, 2024 20:12:13.279231071 CEST	80	49714	132.226.8.169	192.168.2.7
Jun 11, 2024 20:12:13.279303074 CEST	49714	80	192.168.2.7	132.226.8.169
Jun 11, 2024 20:12:13.279660940 CEST	80	49716	132.226.8.169	192.168.2.7
Jun 11, 2024 20:12:13.279726982 CEST	49716	80	192.168.2.7	132.226.8.169
Jun 11, 2024 20:12:13.279844999 CEST	49716	80	192.168.2.7	132.226.8.169
Jun 11, 2024 20:12:13.285561085 CEST	80	49716	132.226.8.169	192.168.2.7
Jun 11, 2024 20:12:16.147156000 CEST	80	49716	132.226.8.169	192.168.2.7
Jun 11, 2024 20:12:16.192723989 CEST	49716	80	192.168.2.7	132.226.8.169
Jun 11, 2024 20:12:16.406577110 CEST	49716	80	192.168.2.7	132.226.8.169
Jun 11, 2024 20:12:16.407387972 CEST	49717	80	192.168.2.7	132.226.8.169
Jun 11, 2024 20:12:16.413171053 CEST	80	49717	132.226.8.169	192.168.2.7
Jun 11, 2024 20:12:16.413189888 CEST	80	49716	132.226.8.169	192.168.2.7
Jun 11, 2024 20:12:16.413269043 CEST	49716	80	192.168.2.7	132.226.8.169
Jun 11, 2024 20:12:16.413307905 CEST	49717	80	192.168.2.7	132.226.8.169
Jun 11, 2024 20:12:16.413422108 CEST	49717	80	192.168.2.7	132.226.8.169
Jun 11, 2024 20:12:16.420589924 CEST	80	49717	132.226.8.169	192.168.2.7
Jun 11, 2024 20:12:18.302597046 CEST	80	49717	132.226.8.169	192.168.2.7
Jun 11, 2024 20:12:18.303992987 CEST	49718	443	192.168.2.7	188.114.97.3
Jun 11, 2024 20:12:18.304033041 CEST	443	49718	188.114.97.3	192.168.2.7
Jun 11, 2024 20:12:18.304104090 CEST	49718	443	192.168.2.7	188.114.97.3
Jun 11, 2024 20:12:18.304344893 CEST	49718	443	192.168.2.7	188.114.97.3
Jun 11, 2024 20:12:18.304359913 CEST	443	49718	188.114.97.3	192.168.2.7
Jun 11, 2024 20:12:18.348954916 CEST	49717	80	192.168.2.7	132.226.8.169
Jun 11, 2024 20:12:18.917104959 CEST	443	49718	188.114.97.3	192.168.2.7
Jun 11, 2024 20:12:18.918817043 CEST	49718	443	192.168.2.7	188.114.97.3
Jun 11, 2024 20:12:18.918838978 CEST	443	49718	188.114.97.3	192.168.2.7
Jun 11, 2024 20:12:19.064059019 CEST	443	49718	188.114.97.3	192.168.2.7
Jun 11, 2024 20:12:19.064254999 CEST	443	49718	188.114.97.3	192.168.2.7
Jun 11, 2024 20:12:19.064316034 CEST	49718	443	192.168.2.7	188.114.97.3
Jun 11, 2024 20:12:19.064740896 CEST	49718	443	192.168.2.7	188.114.97.3
Jun 11, 2024 20:13:12.484621048 CEST	80	49707	132.226.8.169	192.168.2.7
Jun 11, 2024 20:13:12.484808922 CEST	49707	80	192.168.2.7	132.226.8.169
Jun 11, 2024 20:13:23.437247038 CEST	80	49717	132.226.8.169	192.168.2.7
Jun 11, 2024 20:13:23.437362909 CEST	49717	80	192.168.2.7	132.226.8.169
Jun 11, 2024 20:13:58.318372965 CEST	49717	80	192.168.2.7	132.226.8.169
Jun 11, 2024 20:13:58.323515892 CEST	80	49717	132.226.8.169	192.168.2.7

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jun 11, 2024 20:12:01.875402927 CEST	53042	53	192.168.2.7	1.1.1.1
Jun 11, 2024 20:12:01.884063005 CEST	53	53042	1.1.1.1	192.168.2.7
Jun 11, 2024 20:12:04.600963116 CEST	58252	53	192.168.2.7	1.1.1.1
Jun 11, 2024 20:12:04.611287117 CEST	53	58252	1.1.1.1	192.168.2.7

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jun 11, 2024 20:12:01.875402927 CEST	192.168.2.7	1.1.1.1	0x2f11	Standard query (0)	checkip.dyndns.org	A (IP address)	IN (0x0001)	false
Jun 11, 2024 20:12:04.600963116 CEST	192.168.2.7	1.1.1.1	0xcb7e	Standard query (0)	reallyfreegeoip.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jun 11, 2024 20:12:01.884063005 CEST	1.1.1.1	192.168.2.7	0x2f11	No error (0)	checkip.dyndns.org	checkip.dyndns.com		CNAME (Canonical name)	IN (0x0001)	false
Jun 11, 2024 20:12:01.884063005 CEST	1.1.1.1	192.168.2.7	0x2f11	No error (0)	checkip.dyndns.com		132.226.8.169	A (IP address)	IN (0x0001)	false
Jun 11, 2024 20:12:01.884063005 CEST	1.1.1.1	192.168.2.7	0x2f11	No error (0)	checkip.dyndns.com		132.226.247.73	A (IP address)	IN (0x0001)	false
Jun 11, 2024 20:12:01.884063005 CEST	1.1.1.1	192.168.2.7	0x2f11	No error (0)	checkip.dyndns.com		193.122.6.168	A (IP address)	IN (0x0001)	false
Jun 11, 2024 20:12:01.884063005 CEST	1.1.1.1	192.168.2.7	0x2f11	No error (0)	checkip.dyndns.com		193.122.130.0	A (IP address)	IN (0x0001)	false
Jun 11, 2024 20:12:01.884063005 CEST	1.1.1.1	192.168.2.7	0x2f11	No error (0)	checkip.dyndns.com		158.101.44.242	A (IP address)	IN (0x0001)	false
Jun 11, 2024 20:12:04.611287117 CEST	1.1.1.1	192.168.2.7	0xcb7e	No error (0)	reallyfreegeoip.org		188.114.97.3	A (IP address)	IN (0x0001)	false
Jun 11, 2024 20:12:04.611287117 CEST	1.1.1.1	192.168.2.7	0xcb7e	No error (0)	reallyfreegeoip.org		188.114.96.3	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

reallyfreegeoip.org

checkip.dyndns.org

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.7	49700	132.226.8.169	80	2584	C:\Users\user\Desktop\MT Marine Tiger.exe

Timestamp	Bytes transferred	Direction	Data
Jun 11, 2024 20:12:01.895314932 CEST	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Jun 11, 2024 20:12:03.872946978 CEST	323	IN	HTTP/1.1 200 OK Date: Tue, 11 Jun 2024 18:12:03 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 1f9ca4465a9a62c8db233080f3985930 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 31 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.91</body></html>
Jun 11, 2024 20:12:03.877163887 CEST	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Jun 11, 2024 20:12:04.555424929 CEST	323	IN	HTTP/1.1 200 OK Date: Tue, 11 Jun 2024 18:12:04 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: f8e2032b1f724201c614a4ce5c4a0410 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 31 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.91</body></html>
Jun 11, 2024 20:12:05.427504063 CEST	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Jun 11, 2024 20:12:05.691842079 CEST	323	IN	HTTP/1.1 200 OK Date: Tue, 11 Jun 2024 18:12:05 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: f972f1ce6a2df1a7d11f400e5ba723b0 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 31 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.91</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.7	49707	132.226.8.169	80	2584	C:\Users\user\Desktop\MT Marine Tiger.exe

Timestamp	Bytes transferred	Direction	Data
Jun 11, 2024 20:12:06.453457117 CEST	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Jun 11, 2024 20:12:07.336787939 CEST	323	IN	HTTP/1.1 200 OK Date: Tue, 11 Jun 2024 18:12:07 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 29a6ac10a24a1dc3158b2d0eb2e3f315 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 31 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.91</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.7	49710	132.226.8.169	80	2584	C:\Users\user\Desktop\MT Marine Tiger.exe

Timestamp	Bytes transferred	Direction	Data
Jun 11, 2024 20:12:08.103972912 CEST	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Jun 11, 2024 20:12:08.981748104 CEST	323	IN	HTTP/1.1 200 OK Date: Tue, 11 Jun 2024 18:12:08 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: ebb431f23e818beaaba928df2be3e431 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 31 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.91</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.7	49712	132.226.8.169	80	2584	C:\Users\user\Desktop\MT Marine Tiger.exe

Timestamp	Bytes transferred	Direction	Data
Jun 11, 2024 20:12:09.765034914 CEST	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Jun 11, 2024 20:12:10.637487888 CEST	323	IN	HTTP/1.1 200 OK Date: Tue, 11 Jun 2024 18:12:10 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: f066bd6bd40c7e133b349c999818bcac Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 31 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.91</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.7	49714	132.226.8.169	80	2584	C:\Users\user\Desktop\MT Marine Tiger.exe

Timestamp	Bytes transferred	Direction	Data
Jun 11, 2024 20:12:11.407100916 CEST	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Jun 11, 2024 20:12:12.271466017 CEST	323	IN	HTTP/1.1 200 OK Date: Tue, 11 Jun 2024 18:12:12 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: df00b674ec388704d2272f6eade45854 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 31 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.91</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.7	49716	132.226.8.169	80	2584	C:\Users\user\Desktop\MT Marine Tiger.exe

Timestamp	Bytes transferred	Direction	Data
Jun 11, 2024 20:12:13.279844999 CEST	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Jun 11, 2024 20:12:16.147156000 CEST	730	IN	HTTP/1.1 502 Bad Gateway Date: Tue, 11 Jun 2024 18:12:16 GMT Content-Type: text/html Content-Length: 547 Connection: keep-alive X-Request-ID: bd4e59abed93d7cf442d382620a38d1f Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 [TRUNCATED] Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><center><h1>502 Bad Gateway</h1></center><hr><center></center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.7	49717	132.226.8.169	80	2584	C:\Users\user\Desktop\MT Marine Tiger.exe

Timestamp	Bytes transferred	Direction	Data
Jun 11, 2024 20:12:16.413422108 CEST	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Jun 11, 2024 20:12:18.302597046 CEST	323	IN	HTTP/1.1 200 OK Date: Tue, 11 Jun 2024 18:12:18 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: b8620ed571d850c12709c000cfa88aa9 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 31 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.91</body></html>

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.7	49704	188.114.97.3	443	2584	C:\Users\user\Desktop\MT Marine Tiger.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-11 18:12:05 UTC	87	OUT	GET /xml/173.254.250.91 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-06-11 18:12:05 UTC	706	IN	HTTP/1.1 200 OK Date: Tue, 11 Jun 2024 18:12:05 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: HIT Age: 40143 Last-Modified: Tue, 11 Jun 2024 07:03:02 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MTxyh%2F37p5B60Qe9DCUrf362xdSw7bTPHj7hHX5PVh%2B97h3q0Mh9USecEjEmLmbNgcKeHNepAIIJgR5ShHmIMn5HDtrZ9ZBvZ0CM%2BWzUDOsid1l1yZpN1SAS6eBbej1X2PAxHg0M"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8923913d6efd45f4-DFW alt-svc: h3=":443"; ma=86400
2024-06-11 18:12:05 UTC	366	IN	Data Raw: 31 36 37 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 31 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 Data Ascii: 167<Response><IP>173.254.250.91</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</Time
2024-06-11 18:12:05 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.7	49705	188.114.97.3	443	2584	C:\Users\user\Desktop\MT Marine Tiger.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-11 18:12:06 UTC	63	OUT	GET /xml/173.254.250.91 HTTP/1.1 Host: reallyfreegeoip.org
2024-06-11 18:12:06 UTC	708	IN	HTTP/1.1 200 OK Date: Tue, 11 Jun 2024 18:12:06 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: HIT Age: 40144 Last-Modified: Tue, 11 Jun 2024 07:03:02 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qRMnlKSXQFMaQT6rEVv%2BRHbMAnbTR6qBeaqbhADjlzdAHtnq91VJ%2FSA9Jy%2Fy70E6PkvyPkeN7%2FrqpbvFEcM9eGK8xgUTNWAsyyIKnneuDbyhS8SR5ywLvOqB6aBUOoUABoIpxg9H"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 89239143dd1ee80f-DFW alt-svc: h3=":443"; ma=86400
2024-06-11 18:12:06 UTC	366	IN	Data Raw: 31 36 37 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 31 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 Data Ascii: 167<Response><IP>173.254.250.91</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</Time
2024-06-11 18:12:06 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.7	49708	188.114.97.3	443	2584	C:\Users\user\Desktop\MT Marine Tiger.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-11 18:12:07 UTC	63	OUT	GET /xml/173.254.250.91 HTTP/1.1 Host: reallyfreegeoip.org
2024-06-11 18:12:08 UTC	704	IN	HTTP/1.1 200 OK Date: Tue, 11 Jun 2024 18:12:08 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: HIT Age: 40146 Last-Modified: Tue, 11 Jun 2024 07:03:02 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XjA0ZsI615%2FZQ5wqRYCUArvPh5PzZSdRmez4jBJR7sMnLkyCXyvljjARQWzsUMnx0v2ciFzLrpImilqCdvwU7ZHPPDSK%2BnpXDmfzW47Wp5P7bZgUo8nsVzAHarSQO0c9dSJFTAun"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8923914e1f472c96-DFW alt-svc: h3=":443"; ma=86400
2024-06-11 18:12:08 UTC	366	IN	Data Raw: 31 36 37 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 31 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 Data Ascii: 167<Response><IP>173.254.250.91</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</Time
2024-06-11 18:12:08 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.7	49711	188.114.97.3	443	2584	C:\Users\user\Desktop\MT Marine Tiger.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-11 18:12:09 UTC	87	OUT	GET /xml/173.254.250.91 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-06-11 18:12:09 UTC	706	IN	HTTP/1.1 200 OK Date: Tue, 11 Jun 2024 18:12:09 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: HIT Age: 40147 Last-Modified: Tue, 11 Jun 2024 07:03:02 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MLEH74nO7ioe26PJdR4r3TEx7e1JiJD9QLdnqgKRjHhpNscpPRvfRtxVvkE%2FiqugvyOBIFgbV4qrjekUN%2B021bWwyLo6dEIdGv6zuejrQCRj6%2FikPeF6g455jwu0Sl86jnWK5bq6"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 892391588f0d4686-DFW alt-svc: h3=":443"; ma=86400
2024-06-11 18:12:09 UTC	366	IN	Data Raw: 31 36 37 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 31 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 Data Ascii: 167<Response><IP>173.254.250.91</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</Time
2024-06-11 18:12:09 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.7	49713	188.114.97.3	443	2584	C:\Users\user\Desktop\MT Marine Tiger.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-11 18:12:11 UTC	87	OUT	GET /xml/173.254.250.91 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-06-11 18:12:11 UTC	714	IN	HTTP/1.1 200 OK Date: Tue, 11 Jun 2024 18:12:11 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: HIT Age: 40149 Last-Modified: Tue, 11 Jun 2024 07:03:02 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ssl%2F3wyZIEtZ0WJDwsE6AMZ4cTBgXl3j4OfX%2Bj9gY4fgJK%2Fo7Cn6bvogj5ncZ%2F1y0J%2BuEfGPGrm%2B3vnkNVKAkvKfJFBIYq0QgSuNtD1XV93DAmt%2FRMjrPwgIzNNtHU5kVNysiehX"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 89239162b89a2e7b-DFW alt-svc: h3=":443"; ma=86400
2024-06-11 18:12:11 UTC	366	IN	Data Raw: 31 36 37 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 31 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 Data Ascii: 167<Response><IP>173.254.250.91</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</Time
2024-06-11 18:12:11 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.7	49715	188.114.97.3	443	2584	C:\Users\user\Desktop\MT Marine Tiger.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-11 18:12:13 UTC	63	OUT	GET /xml/173.254.250.91 HTTP/1.1 Host: reallyfreegeoip.org
2024-06-11 18:12:13 UTC	708	IN	HTTP/1.1 200 OK Date: Tue, 11 Jun 2024 18:12:13 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: HIT Age: 40151 Last-Modified: Tue, 11 Jun 2024 07:03:02 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j97th%2FAnjYruvJ0ELrJbot%2F7EQ3kc8RHILxP5NYKXSICkLeYA8sN4M3IX9CHNqLJeZzKZXjNYKIVchkWcZJovrd4A%2BNIl0X%2F3k7lpEy28ZWQyjnR4zd7gKkIyQ1PQiIViU1970E4"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8923916e3f82878a-DFW alt-svc: h3=":443"; ma=86400
2024-06-11 18:12:13 UTC	366	IN	Data Raw: 31 36 37 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 31 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 Data Ascii: 167<Response><IP>173.254.250.91</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</Time
2024-06-11 18:12:13 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.7	49718	188.114.97.3	443	2584	C:\Users\user\Desktop\MT Marine Tiger.exe

Timestamp	Bytes transferred	Direction	Data
2024-06-11 18:12:18 UTC	87	OUT	GET /xml/173.254.250.91 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-06-11 18:12:19 UTC	706	IN	HTTP/1.1 200 OK Date: Tue, 11 Jun 2024 18:12:19 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: HIT Age: 40156 Last-Modified: Tue, 11 Jun 2024 07:03:02 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Dfdi9tvq5kLeN5QcoFo0b1ppqTSuzWpeO1BUt53ciFiGKcurKSypRTToyd%2BvyPaeJ1jJkG%2FVgdgGIaszpX0ehj60xZBkDK9dwkhKDttztJ%2BF7Uk7D1WsmpXsmEvuQxX4197vZFzH"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 89239192aa1b6b5e-DFW alt-svc: h3=":443"; ma=86400
2024-06-11 18:12:19 UTC	366	IN	Data Raw: 31 36 37 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 31 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 Data Ascii: 167<Response><IP>173.254.250.91</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</Time
2024-06-11 18:12:19 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	14:11:59
Start date:	11/06/2024
Path:	C:\Users\user\Desktop\MT Marine Tiger.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\MT Marine Tiger.exe"
Imagebase:	0x910000
File size:	377'344 bytes
MD5 hash:	730E2E475C3E7BB87CA8E53F7F31CFDF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: MALWARE_Win_DLInjector02, Description: Detects downloader injector, Source: 00000000.00000002.1255274619.0000000005480000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1254671742.0000000003C79000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.1254671742.0000000003C79000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.1254671742.0000000003C79000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000000.00000002.1254671742.0000000003C79000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	14:12:00
Start date:	11/06/2024
Path:	C:\Users\user\Desktop\MT Marine Tiger.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\MT Marine Tiger.exe"
Imagebase:	0x3e0000
File size:	377'344 bytes
MD5 hash:	730E2E475C3E7BB87CA8E53F7F31CFDF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.3710301121.0000000000812000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000002.00000002.3710301121.0000000000812000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000002.00000002.3710301121.0000000000812000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000002.00000002.3710301121.0000000000812000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000002.00000002.3725046193.0000000002A08000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000002.00000002.3725046193.0000000002841000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	10.9%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	52
Total number of Limit Nodes:	4

Executed Functions

Function 012DF6D0 Relevance: .3, Instructions: 315COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1254014377.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_12d0000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ffe30a07ed9b144b06e827d6f911f967d0df9214391df0ccbaefa1e7d3747ee
Instruction ID: 070bb124e1070a20ca6f972c49e335204f27c5df08132e5dd5502de850c9bca6
Opcode Fuzzy Hash: 5ffe30a07ed9b144b06e827d6f911f967d0df9214391df0ccbaefa1e7d3747ee
Instruction Fuzzy Hash: 201280B0C81745CAEB10CF65F99C28D3BA1BB8131CBD04A09D2616E2E5DFB8956BCF44

Function 012DF6C0 Relevance: .2, Instructions: 221COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1254014377.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_12d0000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5158c72f1a0c7b05115d96321be4c91c971a7eb537c0bec2ee7d6e7b252d5188
Instruction ID: b4c4beeb61048132cf8ea2109bfbc2e748441a62a583732bba17dbb8206044e7
Opcode Fuzzy Hash: 5158c72f1a0c7b05115d96321be4c91c971a7eb537c0bec2ee7d6e7b252d5188
Instruction Fuzzy Hash: 6DC1F3B1C81745CAEB10CF69F89828D3BB1BB85318F904A09D2616F2E1DFB4946BCF44

Function 012DA548 Relevance: 1.7, APIs: 1, Instructions: 194
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 012DA79E

Memory Dump Source

Source File: 00000000.00000002.1254014377.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_12d0000_MT Marine Tiger.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: a85e7fddd562191f64a9bdd2e2fff6293307bc48953b6d7cdbb85a7bc7b2fe52
Instruction ID: a98902b04d49e789e8d00f42d03eb2764d30b0cce1bb46d674c9470b7d13572b
Opcode Fuzzy Hash: a85e7fddd562191f64a9bdd2e2fff6293307bc48953b6d7cdbb85a7bc7b2fe52
Instruction Fuzzy Hash: 6C713570A10B06CFEB24DF29D145B9ABBF5FF88204F10892DD58AD7A40DB75E846CB91

Function 012DAB90 Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,012DCB06,?,?,?,?,?), ref: 012DCBC7

Memory Dump Source

Source File: 00000000.00000002.1254014377.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_12d0000_MT Marine Tiger.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: ec6fdcd74be4eb84119b9a4d5e6d7c5a1aa5e35b78c3baa26d57427d60ffebcc
Instruction ID: 504b511678d8b7a504a3b30d2cbae59fe0f3dcaae2127d7d3b9e241bf727e6e9
Opcode Fuzzy Hash: ec6fdcd74be4eb84119b9a4d5e6d7c5a1aa5e35b78c3baa26d57427d60ffebcc
Instruction Fuzzy Hash: ED21E5B5D102089FDB10CFAAD984ADEBBF4EB48310F14841AE954A7350D374A950CFA5

Function 012DCB38 Relevance: 1.6, APIs: 1, Instructions: 64
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,012DCB06,?,?,?,?,?), ref: 012DCBC7

Memory Dump Source

Source File: 00000000.00000002.1254014377.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_12d0000_MT Marine Tiger.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 71adcbf7fe8f39362fb48439c5d52ad9450819d934f95d10032248a2a7075797
Instruction ID: fc7eb04212f77d26a4bcd1eb93e172eee499fb78d804f211c10a4270da9e2d06
Opcode Fuzzy Hash: 71adcbf7fe8f39362fb48439c5d52ad9450819d934f95d10032248a2a7075797
Instruction Fuzzy Hash: AC21E3B5D012489FDB10CFAAD984ADEBBF4EB48310F14841AE958A7350D375A950CFA5

Function 012D9930 Relevance: 1.6, APIs: 1, Instructions: 55
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,012DAC19,00000800,00000000,00000000), ref: 012DAE2A

Memory Dump Source

Source File: 00000000.00000002.1254014377.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_12d0000_MT Marine Tiger.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 8f9e4842181e738cf5754ded63fc800fbf4976de3af83ca007484b0c41783008
Instruction ID: 346fbd246be15e29b9e131cbacf820ae6a9e2203d801f0f40ab56e464121f9bb
Opcode Fuzzy Hash: 8f9e4842181e738cf5754ded63fc800fbf4976de3af83ca007484b0c41783008
Instruction Fuzzy Hash: C31117B6C103498FDB14CF9AD444BDEFBF4EB48310F10842AD515A7200C375A545CFA9

Function 012DADB8 Relevance: 1.6, APIs: 1, Instructions: 51
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,012DAC19,00000800,00000000,00000000), ref: 012DAE2A

Memory Dump Source

Source File: 00000000.00000002.1254014377.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_12d0000_MT Marine Tiger.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: f46f3dbec884ab631ef8227a906a91368fb29fd21040ea917016937204c542c8
Instruction ID: b02825500ef5519f9d0d40c2f89f35fffd59fd74ed593fa9982b938f34b14d49
Opcode Fuzzy Hash: f46f3dbec884ab631ef8227a906a91368fb29fd21040ea917016937204c542c8
Instruction Fuzzy Hash: 881123B6C003098FDB14CFAAD544BDEFBF4AB48310F14842AD919A7200C379A549CFA5

Function 05EF21C4 Relevance: 1.6, APIs: 1, Instructions: 50COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?,?,?,05EF2D49,?,?), ref: 05EF2EF0

Memory Dump Source

Source File: 00000000.00000002.1255770341.0000000005EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ef0000_MT Marine Tiger.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 820d528122c616f3aff101f259b4d717d99cd8f4eec453fac64172ddf4d9a3fc
Instruction ID: 65c570b42772d2bb7d26d816141ea8a38a44a17266e7b6f48015ea85fdf40f5e
Opcode Fuzzy Hash: 820d528122c616f3aff101f259b4d717d99cd8f4eec453fac64172ddf4d9a3fc
Instruction Fuzzy Hash: EC1128B6C003498FDB20DF99C545BDEBBF4EB48320F20841AD659A7340D738A944CFA5

Function 05EF2E90 Relevance: 1.5, APIs: 1, Instructions: 49COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?,?,?,05EF2D49,?,?), ref: 05EF2EF0

Memory Dump Source

Source File: 00000000.00000002.1255770341.0000000005EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ef0000_MT Marine Tiger.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 287b1ba3fc1bf54ab4f76a9de300cc4d6fb548ff4c03fae68690b86609da34e1
Instruction ID: 3e3957bfda58d13324af8d5bc68dcdb4773dfb952bd6af1430f3dac129a94721
Opcode Fuzzy Hash: 287b1ba3fc1bf54ab4f76a9de300cc4d6fb548ff4c03fae68690b86609da34e1
Instruction Fuzzy Hash: 581125B6C003498FDB20DF9AC545BDEBBF4EB48324F20841AD958A7740D739A944CFA9

Function 012DA738 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 012DA79E

Memory Dump Source

Source File: 00000000.00000002.1254014377.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_12d0000_MT Marine Tiger.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 14ba9c0bc022af59fbf5acc8b98bfdb734504cf61a64c1b0741a11c171f00a81
Instruction ID: 13d02811affe196ec53f47c9e73d6210aecffc3b8a88f8ba872e189572b49f0e
Opcode Fuzzy Hash: 14ba9c0bc022af59fbf5acc8b98bfdb734504cf61a64c1b0741a11c171f00a81
Instruction Fuzzy Hash: 121110B6C002498FDB24CFAAC844BDEFBF4EF88214F10841AD919A7200C379A545CFA5

Function 05EF8A54 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,?), ref: 05EFAAE5

Memory Dump Source

Source File: 00000000.00000002.1255770341.0000000005EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ef0000_MT Marine Tiger.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: d01795c5e9765bae389629bf6311532b12371e0a5db30bb366f371e1ae8810d1
Instruction ID: 45e69130932227c8b6e2c2562cacca6a5d626d6424ac1b253e11a7dc0c8c1489
Opcode Fuzzy Hash: d01795c5e9765bae389629bf6311532b12371e0a5db30bb366f371e1ae8810d1
Instruction Fuzzy Hash: 201133B5C003489FDB20DF9AC984BDEBBF8FB48310F10841AE558AB200C379A944CFA5

Function 05EFAA80 Relevance: 1.5, APIs: 1, Instructions: 46windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,?), ref: 05EFAAE5

Memory Dump Source

Source File: 00000000.00000002.1255770341.0000000005EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ef0000_MT Marine Tiger.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 8f4e4079bc6b48ddfe8345f001839ce400a27f49a33c6d22ef95b56cfa1fa54b
Instruction ID: dd0ba3619dc44a299631256cf3287af68026c7ae6ce3b5ed6a59234ff410be09
Opcode Fuzzy Hash: 8f4e4079bc6b48ddfe8345f001839ce400a27f49a33c6d22ef95b56cfa1fa54b
Instruction Fuzzy Hash: 171103B5C003499FDB10DF9AC985BDEBBF8FB48314F10881AE558A7600C379A944CFA5

Function 0126D5B8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1253747049.000000000126D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0126D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_126d000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4da405645e89a18e6f2ad3f5273dd79addcc87e58a3353ad6d481dfd3abcd1c7
Instruction ID: 65be9e6b5e77839b2b8231c89d3f2c2591eba9229b16673e5b2016437a7c629e
Opcode Fuzzy Hash: 4da405645e89a18e6f2ad3f5273dd79addcc87e58a3353ad6d481dfd3abcd1c7
Instruction Fuzzy Hash: 3E21487161420CDFDF15DF54E9C0F16BBA9FB88314F20856DE9490B296C336D896CAA2

Function 0127D1EC Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1253792300.000000000127D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0127D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_127d000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3136717be61724afb5440c4af08ec226f5eac97279178c809ab6f0688f0e7e10
Instruction ID: 6c0e54aaa8ee86b8d636b14f8b3e8af5b8b238b7cc31d06707316c4457ae00a8
Opcode Fuzzy Hash: 3136717be61724afb5440c4af08ec226f5eac97279178c809ab6f0688f0e7e10
Instruction Fuzzy Hash: ED212571514308AFDB15DFA4D5C0B16BBA5FF84324F20C56DE9090B253C376D847CAA1

Function 0127D01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1253792300.000000000127D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0127D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_127d000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e9b9708b623375e21f82ffb0bde193361e455a511aa8f5794bbec454aa1fd3e
Instruction ID: ad2c8e572c5f17bc02565aad1bf2a4418e9b25e24cfc41b70cf67dcf33ddcda6
Opcode Fuzzy Hash: 6e9b9708b623375e21f82ffb0bde193361e455a511aa8f5794bbec454aa1fd3e
Instruction Fuzzy Hash: C3210075614208EFDB16DF64D980B17BBA1EF84314F20C56DE90A0B282C376D447CA62

Function 0127D006 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1253792300.000000000127D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0127D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_127d000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c831f8c11e35fa3d26831e49e5c000b76c6f2b4106a1676263621e8c9dc92400
Instruction ID: df11f5c5d487ddc942dbcec3013efc652b4f9e042c06154dbb3d22674c4e9ccf
Opcode Fuzzy Hash: c831f8c11e35fa3d26831e49e5c000b76c6f2b4106a1676263621e8c9dc92400
Instruction Fuzzy Hash: EC217C755093848FCB13CF24D994716BF71EF46314F28C5EAD9498B6A7C33A980ACB62

Function 0126D5B3 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1253747049.000000000126D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0126D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_126d000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6c069b3d400d01fa3022dda7a4192202465086b1da4fe746ff97b9e65d68317
Instruction ID: 4da747c9adb31bbc0ff312a088b583efcdacf240f272d5be8445a64aa33373eb
Opcode Fuzzy Hash: b6c069b3d400d01fa3022dda7a4192202465086b1da4fe746ff97b9e65d68317
Instruction Fuzzy Hash: 5A11E176504288CFCF16CF54E5C4B16BF71FB84314F2486A9D9490B657C336D896CBA2

Function 0127D1E7 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1253792300.000000000127D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0127D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_127d000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e020fc52024e7c20771691695641137c464337d5c785334117d46b726f4046fe
Instruction ID: a5a01ca0b0e7f57678f257377784e3c59b94659848dd890c20e514bc41b402c4
Opcode Fuzzy Hash: e020fc52024e7c20771691695641137c464337d5c785334117d46b726f4046fe
Instruction Fuzzy Hash: 6D11BB75504284CFDB12CF64D5C4B16BBA2FF84324F28C6A9D9094B657C33AD40ACBA1

Non-executed Functions

Function 012DD3DC Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1254014377.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_12d0000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1619d6db807ddea3357046de29b61582d0d2290ec457d8c7f421a723485f89dc
Instruction ID: 88bd743b0cf3132180337f3303c3453856286c9295ede45981a3c25d6dd81825
Opcode Fuzzy Hash: 1619d6db807ddea3357046de29b61582d0d2290ec457d8c7f421a723485f89dc
Instruction Fuzzy Hash: FEA15C32E1061ACFCF05DFA4C8845EEBBB2FF84300B15856AE905AF261DB71E956CB50

Analysis Process: MT Marine Tiger.exePID: 2584, Parent PID: 5968COMMON

Executed Functions

Function 00CC6790 Relevance: 6.7, Strings: 5, Instructions: 468COMMON

Download Yara Rule

Strings

,q, xrefs: 00CC6A60
(oq, xrefs: 00CC69E8
(oq, xrefs: 00CC6D05
,q, xrefs: 00CC6A52
(oq, xrefs: 00CC69DA

Memory Dump Source

Source File: 00000002.00000002.3724296437.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cc0000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID: (oq$(oq$(oq$,q$,q
API String ID: 0-189141485
Opcode ID: 14100d45e668cd99eeb601ebfb1c530c4cdc911becfe1f41cff352bd1bc45da8
Instruction ID: 4ea8f56e1a2e1bb28a113259291d9ad3af2af8fcba7e3e2912ca6e30e75b00f1
Opcode Fuzzy Hash: 14100d45e668cd99eeb601ebfb1c530c4cdc911becfe1f41cff352bd1bc45da8
Instruction Fuzzy Hash: 14123970A002199FDB14CFA9DA94FAEBBB2FF88304F158069E455EB2A1D730DD42DB50

Function 00CC98B8 Relevance: 3.4, Strings: 2, Instructions: 858COMMON

Download Yara Rule

Strings

4'q, xrefs: 00CCA2D3
(oq, xrefs: 00CC9CD8

Memory Dump Source

Source File: 00000002.00000002.3724296437.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cc0000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID: (oq$4'q
API String ID: 0-1336004174
Opcode ID: 6aad8987d06e4d2d999c095070395e2568af065ec6937f3fcd2b431e648325b4
Instruction ID: b6e5ec2b241dc509de8f9605861b7df2ae67c678b3eb53224e3773c68025cc89
Opcode Fuzzy Hash: 6aad8987d06e4d2d999c095070395e2568af065ec6937f3fcd2b431e648325b4
Instruction Fuzzy Hash: 78725970A00219DFCB15CFA8D888FAEBBB2FF89314F158559E81A9B261D731ED41CB51

Function 00CC6168 Relevance: 3.0, Strings: 2, Instructions: 515COMMON

Download Yara Rule

Strings

(oq, xrefs: 00CC66A2
Hq, xrefs: 00CC656E

Memory Dump Source

Source File: 00000002.00000002.3724296437.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cc0000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID: (oq$Hq
API String ID: 0-2917151738
Opcode ID: efd62c93a424642c9a10bf44af0313b996f7f541655a77c6a6890b3f1d14a7a9
Instruction ID: c61566380aa36079e94acbe1ca5f7a7bb049f4330e3f4a0037cf4c80d686a01a
Opcode Fuzzy Hash: efd62c93a424642c9a10bf44af0313b996f7f541655a77c6a6890b3f1d14a7a9
Instruction Fuzzy Hash: 45126D70A002598FDB14DF69D994BAEBBF2BF88304F24852DE4169B3A5DB349D41CB50

Function 00CC35C8 Relevance: 2.9, Strings: 2, Instructions: 436COMMON

Download Yara Rule

Strings

$q, xrefs: 00CC35EE
Xq, xrefs: 00CC3607

Memory Dump Source

Source File: 00000002.00000002.3724296437.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cc0000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID: Xq$$q
API String ID: 0-855381642
Opcode ID: b537a4325a64bfec2d85dd4391e1ff8ca6c0b417effe6ea1a489e78f7333b841
Instruction ID: 7c3eaebe4a746209953b3350b66a610c84fefcbbe0e45eb1517305260794edb6
Opcode Fuzzy Hash: b537a4325a64bfec2d85dd4391e1ff8ca6c0b417effe6ea1a489e78f7333b841
Instruction Fuzzy Hash: 20F14F74F04248DFDB08DFB5D854AAEBBB2BF89300B24856EE406E7395DB349902CB51

Function 00CCB388 Relevance: 2.9, Strings: 2, Instructions: 354COMMON

Download Yara Rule

Strings

PHq, xrefs: 00CCB7A7
PHq, xrefs: 00CCB7B8

Memory Dump Source

Source File: 00000002.00000002.3724296437.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cc0000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID: PHq$PHq
API String ID: 0-1274609152
Opcode ID: b7349401add0699ea86938c5cbc84460d6f76a23fc6132d47eaa9a42a1d85b2c
Instruction ID: 1b0f487a41d2b5e0f175df901ca4d592042a7950b8602dbb0c0fdaa0656729fc
Opcode Fuzzy Hash: b7349401add0699ea86938c5cbc84460d6f76a23fc6132d47eaa9a42a1d85b2c
Instruction Fuzzy Hash: 61E1E875A04658CFDB14CFA9D985B9DBBB1BF88310F1580A9E819AB362DB30AD41CF50

Function 04E48B58 Relevance: 2.8, Strings: 2, Instructions: 251COMMON

Download Yara Rule

Strings

PHq, xrefs: 04E48E9A
PHq, xrefs: 04E48EAB

Memory Dump Source

Source File: 00000002.00000002.3726893896.0000000004E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4e40000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID: PHq$PHq
API String ID: 0-1274609152
Opcode ID: 44e7c949ae1c27690f3ad2a369131f4b5e97b6f8c9380316f3837dc6f31bcd12
Instruction ID: e49385cfb8a28a61943038eb8c865335cad8e68f59ed4a8263d190191981a250
Opcode Fuzzy Hash: 44e7c949ae1c27690f3ad2a369131f4b5e97b6f8c9380316f3837dc6f31bcd12
Instruction Fuzzy Hash: E8A11675D042188FDB54DFA9D8897DDBBB2FF89300F1081A9C81AAB351EB345946CF91

Function 00CCC1F0 Relevance: 2.7, Strings: 2, Instructions: 201COMMON

Download Yara Rule

Strings

PHq, xrefs: 00CCC447
PHq, xrefs: 00CCC458

Memory Dump Source

Source File: 00000002.00000002.3724296437.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cc0000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID: PHq$PHq
API String ID: 0-1274609152
Opcode ID: 26ffe91baae2abe3590ba8829e7b8f43cdb47dfdbf00bb03dedeca9d81b1568a
Instruction ID: 8ed8f4063cad50e67b23b939ba73dd0814020a5b27cb27e98344612f2fc5f155
Opcode Fuzzy Hash: 26ffe91baae2abe3590ba8829e7b8f43cdb47dfdbf00bb03dedeca9d81b1568a
Instruction Fuzzy Hash: 2F91A174E00248CFDB14DFAAD994B9DBBF2BF88310F24C069E819AB265DB709941DF50

Function 00CCC7B1 Relevance: 2.7, Strings: 2, Instructions: 191COMMON

Download Yara Rule

Strings

PHq, xrefs: 00CCCA07
PHq, xrefs: 00CCCA18

Memory Dump Source

Source File: 00000002.00000002.3724296437.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cc0000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID: PHq$PHq
API String ID: 0-1274609152
Opcode ID: 4c7239422cfb624e2397f308818eb0cbb52a5b1a40955b547d8a70975816b8fe
Instruction ID: 6ef6e1f298db22b0b4edb43f7b5135e48d18cc11f5a4b166f492cf0f67afc53b
Opcode Fuzzy Hash: 4c7239422cfb624e2397f308818eb0cbb52a5b1a40955b547d8a70975816b8fe
Instruction Fuzzy Hash: DF81A374E00618CFEB14DFAAD984B9DBBF2BF88310F249069E419AB365DB709941CF50

Function 00CC4B31 Relevance: 2.7, Strings: 2, Instructions: 187COMMON

Download Yara Rule

Strings

PHq, xrefs: 00CC4D99
PHq, xrefs: 00CC4D88

Memory Dump Source

Source File: 00000002.00000002.3724296437.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cc0000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID: PHq$PHq
API String ID: 0-1274609152
Opcode ID: bb0036db2d1d486e2d3aa169100b3efecabe8d1091aaf93f53d0e08baf327dc8
Instruction ID: 14783d280b955998cae8d0c8b35d06bda07206b151e5113b68afd8f75ffa4a10
Opcode Fuzzy Hash: bb0036db2d1d486e2d3aa169100b3efecabe8d1091aaf93f53d0e08baf327dc8
Instruction Fuzzy Hash: 3881A474E002188FDB18DFAAD994B9DBBF2BF88310F14C069E419AB365DB749981CF50

Function 00CCCDB1 Relevance: 2.7, Strings: 2, Instructions: 187COMMON

Download Yara Rule

Strings

PHq, xrefs: 00CCD007
PHq, xrefs: 00CCD018

Memory Dump Source

Source File: 00000002.00000002.3724296437.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cc0000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID: PHq$PHq
API String ID: 0-1274609152
Opcode ID: 7512197dbd0ea898de8b678e8bd638b442f36fea3ec9c5f9eee0af2c59d4e4b6
Instruction ID: 743f4e0f34fa2fb54165cf719c34edaa374e64b1a035c7c6ad2630268232ab89
Opcode Fuzzy Hash: 7512197dbd0ea898de8b678e8bd638b442f36fea3ec9c5f9eee0af2c59d4e4b6
Instruction Fuzzy Hash: 1081A374E00618CFEB14DFAAD984B9DBBF2BF88300F149069E819AB365DB705946CF50

Function 00CCC4D0 Relevance: 2.7, Strings: 2, Instructions: 184COMMON

Download Yara Rule

Strings

PHq, xrefs: 00CCC727
PHq, xrefs: 00CCC738

Memory Dump Source

Source File: 00000002.00000002.3724296437.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cc0000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID: PHq$PHq
API String ID: 0-1274609152
Opcode ID: 5d0d4e55a39a0b3d4b4ed246590f0530b81e947b9697667cbcf5d66063d2fb9d
Instruction ID: 7a01f55c79902ab3da81676e4c9f15e63e6efb4a0efc8d0d6bd9606fded1d8dc
Opcode Fuzzy Hash: 5d0d4e55a39a0b3d4b4ed246590f0530b81e947b9697667cbcf5d66063d2fb9d
Instruction Fuzzy Hash: C781A274E00618CFEB14DFAAD984B9DBBF2BF88300F249069E419AB365DB705941DF50

Function 00CCBC32 Relevance: 2.7, Strings: 2, Instructions: 183COMMON

Download Yara Rule

Strings

PHq, xrefs: 00CCBE98
PHq, xrefs: 00CCBE87

Memory Dump Source

Source File: 00000002.00000002.3724296437.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cc0000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID: PHq$PHq
API String ID: 0-1274609152
Opcode ID: b0e96574652e4c02a026de7d512f8f76bfa489d2902d5cc523817631312279a8
Instruction ID: b8b3403a80b11c51efccdbadde29ed2184b871231cee6eeed91d03182a9b4a18
Opcode Fuzzy Hash: b0e96574652e4c02a026de7d512f8f76bfa489d2902d5cc523817631312279a8
Instruction Fuzzy Hash: A0819274E006188FEB14DFAAD985B9DBBF2BF88300F248069E419AB365DB709D41CF50

Function 00CCB552 Relevance: 2.6, Strings: 2, Instructions: 150COMMON

Download Yara Rule

Strings

PHq, xrefs: 00CCB7A7
PHq, xrefs: 00CCB7B8

Memory Dump Source

Source File: 00000002.00000002.3724296437.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cc0000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID: PHq$PHq
API String ID: 0-1274609152
Opcode ID: 6ec5b80684cc5bdfe63d349ecb1c62f8a69c1cd45411a3638b74679bb0fbf4ba
Instruction ID: 27f9acfae67baa374ff179162fb629f47bf5134e99ac00dd4980b37c4a714d18
Opcode Fuzzy Hash: 6ec5b80684cc5bdfe63d349ecb1c62f8a69c1cd45411a3638b74679bb0fbf4ba
Instruction Fuzzy Hash: 4561A674E006089FDB18DFA6D945B9DBBF2BF88300F24D069E818AB365DB745941CF50

Function 04E411A0 Relevance: .7, Instructions: 745COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3726893896.0000000004E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4e40000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 510fcf32c27fd61c931138fc751f73bd14648689369be40d09569ce4a4c5bc9b
Instruction ID: b1a31aa084f661dc47bdf2d663c375ff7a6b3d73f45083c2258d45038acdde2c
Opcode Fuzzy Hash: 510fcf32c27fd61c931138fc751f73bd14648689369be40d09569ce4a4c5bc9b
Instruction Fuzzy Hash: 00829074E012688FEB64DF65DC98BDDBBB2BB88300F1481E9940DA7261DB319E85DF41

Function 00CCEEC8 Relevance: .7, Instructions: 716COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3724296437.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cc0000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6b01e6433dca094147f979d5ea6547b16ebec082bcf4630ac2027366628eb7b
Instruction ID: 0e511cb4f3f6d99c147e4fdd920efe26eac3c3dee750fd74b4841c796c209d35
Opcode Fuzzy Hash: c6b01e6433dca094147f979d5ea6547b16ebec082bcf4630ac2027366628eb7b
Instruction Fuzzy Hash: A772A074E012298FDB64DF69C984BDDBBB2BB49300F1481E9D449AB365DB349E82CF50

Function 04E48608 Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3726893896.0000000004E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4e40000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18d49f32e63967869400f67d25d0c30a1fcdafa1cfbb1d3f05deeb6aa3560a4b
Instruction ID: eb489fe34faa2b0f453fe791b30397de46db47f81a15f4c52defdae1730de51a
Opcode Fuzzy Hash: 18d49f32e63967869400f67d25d0c30a1fcdafa1cfbb1d3f05deeb6aa3560a4b
Instruction Fuzzy Hash: 46E1E274E01218CFEB64DFA5D984BDDBBB2BF88304F2081A9D409AB394DB355A85DF14

Function 04E4A408 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3726893896.0000000004E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4e40000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67edaa79031490c449a5208a15dc96515c5d84a8eb5e923cef0c65c358c7c59e
Instruction ID: 586299435105b355d61edd9ddea41135cb781bf6b81d069758ac114e31d9c91c
Opcode Fuzzy Hash: 67edaa79031490c449a5208a15dc96515c5d84a8eb5e923cef0c65c358c7c59e
Instruction Fuzzy Hash: 37A1A1B4E016188FEB68CF6AD944B9DBBF2BF89310F14D0AAD40DA7255DB345A85CF10

Function 04E4C9D8 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3726893896.0000000004E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4e40000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cacb17422c22810769042259a87f569d804fe2cf71ba6d654a58575fda848b4b
Instruction ID: 4e1a2c626f6380500bd49a49b7c30d2c34df79ef91a0b3ed7ce79721e761ba8f
Opcode Fuzzy Hash: cacb17422c22810769042259a87f569d804fe2cf71ba6d654a58575fda848b4b
Instruction Fuzzy Hash: 26A1A274E016288FEB28CF6AD944B9DBBF2BF89300F14D1AAD40DA7255DB345A85CF10

Function 04E4BD38 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3726893896.0000000004E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4e40000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56da6add25db9b96441e8bc9cd82784eda440a7a2cd94d44ea1e347ef9c06207
Instruction ID: c2b9d521a2d28e29c7fb1228cbe292769ab6c8a38c878b39c886e23fd5ec35e7
Opcode Fuzzy Hash: 56da6add25db9b96441e8bc9cd82784eda440a7a2cd94d44ea1e347ef9c06207
Instruction Fuzzy Hash: 9FA1A174E016188FEB28CF6AD944B9DBBF2BF89300F14D0AAD50DA7255DB349A85CF11

Function 04E4B6E8 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3726893896.0000000004E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4e40000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca7da162a09f0f3f4c8a070dc16e9b42ffe2bec9d51023741313f0af8d93d60f
Instruction ID: 27d2d2b778ff0b447e06237efad70205877f9a16d97ce1847c1ef66caf26b65d
Opcode Fuzzy Hash: ca7da162a09f0f3f4c8a070dc16e9b42ffe2bec9d51023741313f0af8d93d60f
Instruction Fuzzy Hash: 61A19374E012188FEB18CF6AD944B9DBBF2BF89300F14D0AAD40CA7255DB74AA85CF10

Function 04E4D670 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3726893896.0000000004E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4e40000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f437273bf30477a27b3ed10d2662af241b1b66c7a7bfb79a5b05bcdbe86af6f
Instruction ID: 97d111a3500670fafc8de2c14b0d04f75a19166d856fb08fc22d8949c6e49ff6
Opcode Fuzzy Hash: 6f437273bf30477a27b3ed10d2662af241b1b66c7a7bfb79a5b05bcdbe86af6f
Instruction Fuzzy Hash: 02A19075E012288FEB28CF6AD944B9DBBF2BF89300F14D0AAD40DA7255DB745A85CF50

Function 04E4C388 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3726893896.0000000004E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4e40000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: edb64e984a58346bde661d672b7a0d6a1691cb95d3301ad3d61c2884d2ebfc1f
Instruction ID: fd89b1ca36e48b95400d71d6ecc5c8e33c56ee8af5d098aa726bda82118cf61f
Opcode Fuzzy Hash: edb64e984a58346bde661d672b7a0d6a1691cb95d3301ad3d61c2884d2ebfc1f
Instruction Fuzzy Hash: 3BA1B274E012188FEB28CF6AD944B9DBBF2AF89300F14D0AAD50CA7255DB345A85CF10

Function 04E4B0A0 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3726893896.0000000004E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4e40000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ced24554f93480bb727989780eae52f2648b31c13644b61d7fea47103960771f
Instruction ID: 8c33bd95299aa07dcb666a80d6ee7399dafae063fea548a8d6b81d4d4e252ee3
Opcode Fuzzy Hash: ced24554f93480bb727989780eae52f2648b31c13644b61d7fea47103960771f
Instruction Fuzzy Hash: 51A1A274E016188FEB68CF6AD944B9DBBF2BF89300F14D1AAD40CA7254DB349A85CF14

Function 04E4D028 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3726893896.0000000004E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4e40000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8af1bab829509e67a2d01da8a40061868e977d55cb751f15d927f01bb88fac88
Instruction ID: a0c786ced82b942f339d142db7ec487e3b8d871121de499cdee560a3c9615fa1
Opcode Fuzzy Hash: 8af1bab829509e67a2d01da8a40061868e977d55cb751f15d927f01bb88fac88
Instruction Fuzzy Hash: 98A1A274E012188FEB68CF6AD944B9DFBF2AF89300F14D1AAD40CA7255DB345A85CF54

Function 04E4AA58 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3726893896.0000000004E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4e40000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db5aded2539661d7f4d84c4cb0892c6fcbc7d8fb087c7db4cffca9b836919ad9
Instruction ID: 956562e14ee6de65944e3ae072f0083bdd1505612c2457eacd568516fdbfe0fb
Opcode Fuzzy Hash: db5aded2539661d7f4d84c4cb0892c6fcbc7d8fb087c7db4cffca9b836919ad9
Instruction Fuzzy Hash: 9DA1A074E016288FEB68CF6AD944B9DFBF2AF89300F14D0AAD40CA7255DB745A85CF50

Function 04E4D018 Relevance: .2, Instructions: 166COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3726893896.0000000004E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4e40000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 762bce1027099fc3319a56919a20c50432dcfbd5462c912434b67e5c50ee386e
Instruction ID: 9bebec2683a7503a5e1d82bd325479036857db2c385230cc30138c53010cf99f
Opcode Fuzzy Hash: 762bce1027099fc3319a56919a20c50432dcfbd5462c912434b67e5c50ee386e
Instruction Fuzzy Hash: 2C81A570E016188FEB68CF6AD944B9DFBF2AF89300F14C1AAD40DA7255DB345A85CF50

Function 04E4AA48 Relevance: .2, Instructions: 165COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3726893896.0000000004E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4e40000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 853ac4007197c772c7b461e2459a344bb144d0085c58db8f0759cbc557561585
Instruction ID: 1cc5c2367f7c4f6417ec53901b93e478ceda9c6fd0f605d8f221fa401129757d
Opcode Fuzzy Hash: 853ac4007197c772c7b461e2459a344bb144d0085c58db8f0759cbc557561585
Instruction Fuzzy Hash: E9719571E006188FEB68CF6AD944B9DBBF2AF89300F14C0EAD40DA7265DB745A85CF50

Function 04E485F8 Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3726893896.0000000004E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4e40000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bfb1448c311fbe025af9426f42af24f526693d700eac7f1ae12a996da95c6997
Instruction ID: 8cb369be489f3b43fddf21781993e06602d8b765c8647e794aec12b291f126f4
Opcode Fuzzy Hash: bfb1448c311fbe025af9426f42af24f526693d700eac7f1ae12a996da95c6997
Instruction Fuzzy Hash: 0D4106B4E006488FEB58EFAAD8547DEBBF2BF88300F14D069C458AB290DB755945CF54

Function 04E4C9C8 Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3726893896.0000000004E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4e40000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2817b9c101709692084564245181b4fa3fe0f42ce5e7725cc3c32ab1ab5947f0
Instruction ID: 540233b542d0f953ba7d2838b9a0f3ef88533660730dab09399430d578d50226
Opcode Fuzzy Hash: 2817b9c101709692084564245181b4fa3fe0f42ce5e7725cc3c32ab1ab5947f0
Instruction Fuzzy Hash: B04157B1E016188BEB58CF6BD95578AFBF3AFC9300F14C1AAC40CA7265DB740A858F51

Function 04E4A3F8 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3726893896.0000000004E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4e40000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f737b090732d844f63cfd2a4098e8ad4f7eb9480bda278e522d10a73a71ace4d
Instruction ID: 8a394b16b5fbbce8f20cc1b65c800c84bb19e5b0ec612b5e0aed39e550dd11bf
Opcode Fuzzy Hash: f737b090732d844f63cfd2a4098e8ad4f7eb9480bda278e522d10a73a71ace4d
Instruction Fuzzy Hash: 0F415AB1E016188BEB58CF6BD9457CAFBF3AFC8310F14C1AAC50CA6265EB7409858F51

Function 04E4C378 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3726893896.0000000004E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4e40000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9c363750039451b8199d8ac35e5609e5c0460f583ced8f84a3882d628662283
Instruction ID: ec23155f2ac95b5f836a367619a2235ccdc643e60eb9b8ce827aa8ba2aed2fe3
Opcode Fuzzy Hash: f9c363750039451b8199d8ac35e5609e5c0460f583ced8f84a3882d628662283
Instruction Fuzzy Hash: 22416A71D016188BEB58CF6BD9457CAFAF3AFC9300F14C1AAC50CA7264EB740A858F51

Function 04E4B6D9 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3726893896.0000000004E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4e40000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ca726c41ac9890fa019c4db97fa2f76ecdae880ba2a74b32165159814fc1a04
Instruction ID: d71a8fae1e83d2fcec386aff81c6d03777e72b6f2394a4da91f15a835bc1a327
Opcode Fuzzy Hash: 4ca726c41ac9890fa019c4db97fa2f76ecdae880ba2a74b32165159814fc1a04
Instruction Fuzzy Hash: B84178B1E016188BEB58CF6BD9457CAFBF3AFC8300F14C1AAC40CA6264DB745A858F51

Function 04E4BD30 Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3726893896.0000000004E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4e40000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91a4e803c2ed46bcee6a0a640dce29c795f77c00506e38f76ee0ffc2e682a67b
Instruction ID: 1e9e96cc3437acc90c9966526a329c40bf951e0285344151a2a28d48c1031381
Opcode Fuzzy Hash: 91a4e803c2ed46bcee6a0a640dce29c795f77c00506e38f76ee0ffc2e682a67b
Instruction Fuzzy Hash: 99416A71E016188FEB58CF6BD9457DAFAF3AFC9300F14C1AAC50CA6264DB744A858F50

Function 04E4D668 Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3726893896.0000000004E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4e40000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8949290dbea0ea10aec4259adf34478b152df035aef772a3090200a3afb25498
Instruction ID: a75b42e485a30c548491e822a03bcbc16818b6087824eeff4e63c5d0dd29ca55
Opcode Fuzzy Hash: 8949290dbea0ea10aec4259adf34478b152df035aef772a3090200a3afb25498
Instruction Fuzzy Hash: 7A4149B1D016188BEB58CF6BDD557DAFAF3AFC9300F14C1AAC50CA6264DB7409858F51

Function 00CC6EB8 Relevance: 10.5, Strings: 8, Instructions: 477COMMON

Download Yara Rule

Strings

(oq, xrefs: 00CC6FDD
,q, xrefs: 00CC7358
(oq, xrefs: 00CC73C7
(oq, xrefs: 00CC707A
(oq, xrefs: 00CC73D7
(oq, xrefs: 00CC6EF6
(oq, xrefs: 00CC6FB1
,q, xrefs: 00CC7368

Memory Dump Source

Source File: 00000002.00000002.3724296437.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cc0000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID: (oq$(oq$(oq$(oq$(oq$(oq$,q$,q
API String ID: 0-2212926057
Opcode ID: c498361d922fe1617b55ac126ac6c36a25714d6ca6177c9a31aa30c2a557637c
Instruction ID: 193397739738d2ea9ff798d175177368dbad9f3bff8341c867efd1d33d4930f9
Opcode Fuzzy Hash: c498361d922fe1617b55ac126ac6c36a25714d6ca6177c9a31aa30c2a557637c
Instruction Fuzzy Hash: 5C122830A042499FCB25CF69D984EAEBBF2EF88314F148699E859DB261D730ED41CF50

Function 00CC8849 Relevance: 4.2, Strings: 3, Instructions: 498COMMON

Download Yara Rule

Strings

4'q, xrefs: 00CC8897
4'q, xrefs: 00CC8871
;q, xrefs: 00CC8C8C

Memory Dump Source

Source File: 00000002.00000002.3724296437.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cc0000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID: 4'q$4'q$;q
API String ID: 0-144927120
Opcode ID: 97140ddd193072ec67114e2d23339080442b6173fa9a9e72a7a5da7eb9b6b1b7
Instruction ID: 78bf7bf856c32f79e215e163658d6d731e54634f655187127f4bb3082094a668
Opcode Fuzzy Hash: 97140ddd193072ec67114e2d23339080442b6173fa9a9e72a7a5da7eb9b6b1b7
Instruction Fuzzy Hash: EFF19F703052118FDB199B2AC964F3E7796AF85740F2940AEE412CF3A1EF25CD4AD761

Function 00CC7850 Relevance: 3.2, Strings: 2, Instructions: 702COMMON

Download Yara Rule

Strings

$q, xrefs: 00CC8397
$q, xrefs: 00CC8374

Memory Dump Source

Source File: 00000002.00000002.3724296437.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cc0000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID: $q$$q
API String ID: 0-3126353813
Opcode ID: 3065c3600e51346b3a88893b664d157b475e7060eba4aaf885c075d3d6083146
Instruction ID: 9a45fda5e81283ef464dd30467a20c075a98d9e662d983ba99f4efa0b8de5dae
Opcode Fuzzy Hash: 3065c3600e51346b3a88893b664d157b475e7060eba4aaf885c075d3d6083146
Instruction Fuzzy Hash: D0524074A00259CFFB249BA0C854B9EBB72EF84700F1080ADD50A6B3A6DF355E85DF65

Function 00CC5700 Relevance: 2.8, Strings: 2, Instructions: 329COMMON

Download Yara Rule

Strings

Hq, xrefs: 00CC57EB
Hq, xrefs: 00CC581E

Memory Dump Source

Source File: 00000002.00000002.3724296437.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cc0000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID: Hq$Hq
API String ID: 0-925789375
Opcode ID: c2de908c7f87a0aa2be51221195cc6204a5180313f4ec3db774da7d7379535dc
Instruction ID: cbdece9b2f6da97a81c286730097ceda5e54fc36b7df8be0725327ce0a69f7ee
Opcode Fuzzy Hash: c2de908c7f87a0aa2be51221195cc6204a5180313f4ec3db774da7d7379535dc
Instruction Fuzzy Hash: D7B1CB347046408FDB258F35D894B3E7BA2ABC8354F24856DE816CB3A1DB74ED82DB91

Function 04E423E0 Relevance: 2.7, Strings: 2, Instructions: 232COMMON

Download Yara Rule

Strings

LRq, xrefs: 04E42529
LRq, xrefs: 04E423FC

Memory Dump Source

Source File: 00000002.00000002.3726893896.0000000004E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4e40000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID: LRq$LRq
API String ID: 0-3710822783
Opcode ID: e15045b341c4175160a59786234f63095e0343a0c0551e069948dec80c21a5b2
Instruction ID: 7342ab632793ebdd34533e51c1ee0cd6eb6c21453e9cdf1698359f489b245b24
Opcode Fuzzy Hash: e15045b341c4175160a59786234f63095e0343a0c0551e069948dec80c21a5b2
Instruction Fuzzy Hash: 87818F34B011058FDB08EF39E854A6E7BB2BFC9744B1581A9E515DB3B1EA34EC02CB91

Function 00CC5C60 Relevance: 2.7, Strings: 2, Instructions: 230COMMON

Download Yara Rule

Strings

,q, xrefs: 00CC5D36
,q, xrefs: 00CC5D40

Memory Dump Source

Source File: 00000002.00000002.3724296437.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cc0000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID: ,q$,q
API String ID: 0-1667412543
Opcode ID: d21566c2158ba315cad618f4e8ee43a17b7fddcc7fe57c42f58a73810f66450a
Instruction ID: 027ff2f52793b71467a1fce26bea4e6af00a4d92e5053478b5370a386830268a
Opcode Fuzzy Hash: d21566c2158ba315cad618f4e8ee43a17b7fddcc7fe57c42f58a73810f66450a
Instruction Fuzzy Hash: 8D815D74A00A058FCB14CF69C988FAAB7B2BF88305B65816DD416DB361DB35FE81CB51

Function 04E49510 Relevance: 2.7, Strings: 2, Instructions: 212COMMON

Download Yara Rule

Strings

(q, xrefs: 04E496EA
(&q, xrefs: 04E4962B

Memory Dump Source

Source File: 00000002.00000002.3726893896.0000000004E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4e40000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID: (&q$(q
API String ID: 0-2464455664
Opcode ID: 16b4ff04a60c2f1b6b0583032c71505c68117d8080d7f0174cadc449e6bfeb0f
Instruction ID: 0d873eda5fba73be0fd9749c7b9ffa6976596eade73dab78308f9955f33af0ef
Opcode Fuzzy Hash: 16b4ff04a60c2f1b6b0583032c71505c68117d8080d7f0174cadc449e6bfeb0f
Instruction Fuzzy Hash: 6771B171F002189BEB19DFB9E850AAEBBB2AFC4300F144529E405BB381DF34AD46C795

Function 00CC3480 Relevance: 2.6, Strings: 2, Instructions: 112COMMON

Download Yara Rule

Strings

Xq, xrefs: 00CC34B6
Xq, xrefs: 00CC348D

Memory Dump Source

Source File: 00000002.00000002.3724296437.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cc0000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID: Xq$Xq
API String ID: 0-1556399337
Opcode ID: ca8fce84152abf1f196ee11cffab7002797e7447d5b5f7828225a218d42bad4a
Instruction ID: 24cb0a8ef9524449d8bd009c60e7b519fea1e3b05c062b60158372e779bebe50
Opcode Fuzzy Hash: ca8fce84152abf1f196ee11cffab7002797e7447d5b5f7828225a218d42bad4a
Instruction Fuzzy Hash: 4C31E631B003948BDB2D5676E894B7E76A6ABC4310F18803DD826C7390DF74CF4592A1

Function 00CC0C8F Relevance: 1.7, Strings: 1, Instructions: 417COMMON

Download Yara Rule

Strings

LRq, xrefs: 00CC0E80

Memory Dump Source

Source File: 00000002.00000002.3724296437.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cc0000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID: LRq
API String ID: 0-3187445251
Opcode ID: ea63a334b92f9d9e2c2ea9d84d351e1bf0b89552b56c2d314e6ceffce4c76f32
Instruction ID: 8489a58e3028172fc26739df30bd3dd7f35a5296e0eb3862438e753328e5d598
Opcode Fuzzy Hash: ea63a334b92f9d9e2c2ea9d84d351e1bf0b89552b56c2d314e6ceffce4c76f32
Instruction Fuzzy Hash: 7B22B77890065ACFCB64EF64E894B9DBBB1FF88300F1085A5E409AB764EB706D45CF50

Function 00CC0CA0 Relevance: 1.7, Strings: 1, Instructions: 410COMMON

Download Yara Rule

Strings

LRq, xrefs: 00CC0E80

Memory Dump Source

Source File: 00000002.00000002.3724296437.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cc0000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID: LRq
API String ID: 0-3187445251
Opcode ID: 40b34761c1481b7ea660b8733380bf9e9b3be0de8dade26eaf486ae946e2582a
Instruction ID: 390d6c7e9ebf82d5b04a44f2421548023fc5556e8aac9fdbd2fb4d6697cc68c1
Opcode Fuzzy Hash: 40b34761c1481b7ea660b8733380bf9e9b3be0de8dade26eaf486ae946e2582a
Instruction Fuzzy Hash: E922A77890065ACFCB64EF64E894B9DBBB1FF88301F1085A5E409AB768EB706D45CF50

Function 00CCA6B0 Relevance: 1.4, Strings: 1, Instructions: 122COMMON

Download Yara Rule

Strings

(oq, xrefs: 00CCA839

Memory Dump Source

Source File: 00000002.00000002.3724296437.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cc0000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID: (oq
API String ID: 0-1999159160
Opcode ID: 43cc12c07bdf91f552343922bfa70513ed132ac6e71cb59d416780e43aebb54d
Instruction ID: fe20d7b277c78be6ce5347894fa3f00477020b92f882d4cc9dfa2be3d0d9b4c7
Opcode Fuzzy Hash: 43cc12c07bdf91f552343922bfa70513ed132ac6e71cb59d416780e43aebb54d
Instruction Fuzzy Hash: 9741CE35B002488FDB159B75D859BAE7BF2ABC8311F24406DE906DB7A1CE309C028BA1

Function 00CCA878 Relevance: .4, Instructions: 413COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3724296437.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cc0000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a949d8c83c3e33e0e8a6b2869a70ec68c54d231b026b9331ced3810c8170f4ae
Instruction ID: a1e3ca44f68523de7d08dc843ae3b94784843b6b697d4562f004f1c3c7ba6727
Opcode Fuzzy Hash: a949d8c83c3e33e0e8a6b2869a70ec68c54d231b026b9331ced3810c8170f4ae
Instruction Fuzzy Hash: 9CF12E75A006198FCB04CF69D988FADBBF2BF88314B168099E419AB371CB35ED41CB51

Function 00CC7498 Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3724296437.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cc0000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16452bf86e9bd2c95a8093a3cc36a7f094db04d69f198f57bad971e658783285
Instruction ID: a149d6ffced53e390def146a9d21c0330a604d19016a43e8d852b03da24dec06
Opcode Fuzzy Hash: 16452bf86e9bd2c95a8093a3cc36a7f094db04d69f198f57bad971e658783285
Instruction Fuzzy Hash: D771E0346086058FCB14DF29C898FAE7BE6EF49310B1946A9E816CB3A1DB74DD41CF90

Function 04E41191 Relevance: .2, Instructions: 175COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3726893896.0000000004E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4e40000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d2049dbab0e98e27d7c1205d25d1b2bd3d8158a5f168c96fdb84cb170d42d47
Instruction ID: cb49ce1517d07ab3878a6a57d98dd1e0c05ac0ad582659057e0cc363099aafac
Opcode Fuzzy Hash: 7d2049dbab0e98e27d7c1205d25d1b2bd3d8158a5f168c96fdb84cb170d42d47
Instruction Fuzzy Hash: CA81B374E016688FDB65DF25DC94BDDBBB2BB89300F1080EAE809A7254DB315E85DF41

Function 00CCD3D8 Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3724296437.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cc0000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b27e868a1d1c713f1ee2fe7caf98221f0f54f90dea1815bd108cdda6884c8b21
Instruction ID: 9d6bad34be93997300c85a09324929ef438bfe4d60d28f74016658d14570dc96
Opcode Fuzzy Hash: b27e868a1d1c713f1ee2fe7caf98221f0f54f90dea1815bd108cdda6884c8b21
Instruction Fuzzy Hash: 5A519A75061B83CFC7203F22A9EC32E7BA5FB4F323B156D10F15F894A98BB100858A61

Function 00CCE197 Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3724296437.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cc0000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b57f3f2729e720e593bd0b14eb90f3755c5d6ea148d6b27b28ccdf4ad5177be
Instruction ID: e2a68ab09e3cb59f39f17d4e8b362a8685b4dcc3cb81947dbfc36be3b332b787
Opcode Fuzzy Hash: 8b57f3f2729e720e593bd0b14eb90f3755c5d6ea148d6b27b28ccdf4ad5177be
Instruction Fuzzy Hash: C561F074D01318DFDB25DFA5D894BAEBBB2BF88300F608128D805AB268DB755A46CF50

Function 00CCD091 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3724296437.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cc0000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e474867283524d88bbf18d7cd9a3d07457125c6a56c3c46eea3b7f3670bad05
Instruction ID: d269cd295e28ede17c3238fc9f99e7da8950f9a8dcb3687b9ce5b52894dfb608
Opcode Fuzzy Hash: 3e474867283524d88bbf18d7cd9a3d07457125c6a56c3c46eea3b7f3670bad05
Instruction Fuzzy Hash: AD519374E01208DFDB48DFA9D984A9DBBF2BF89300F248169E819AB365DB309941CF14

Function 04E4DCC0 Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3726893896.0000000004E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4e40000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79faeb12847b4813d4682d58f22432ba8f0bc17c6fb4fe653cbd2719143c732f
Instruction ID: 7f1a272c2d2ff733fc39a7fbc5a2a300d62a4f713a5e58662db827afc19400c5
Opcode Fuzzy Hash: 79faeb12847b4813d4682d58f22432ba8f0bc17c6fb4fe653cbd2719143c732f
Instruction Fuzzy Hash: 13417C35941619CFD704AFB5E85C7EEBBB1FB4A306F205869E116632D1CBB81A44CF50

Function 00CC3960 Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3724296437.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cc0000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f900bf350d8b041e4b2935d7b831673aa9a1c1f1980c7295eee55622967a1266
Instruction ID: 05649e096ffd1aa61dc68f51a84377fe9cae632f97d5393fb28fd2df3227f0c4
Opcode Fuzzy Hash: f900bf350d8b041e4b2935d7b831673aa9a1c1f1980c7295eee55622967a1266
Instruction Fuzzy Hash: 59519278E01218CFCB08DFA9E59499DBBF2FF89300B209469E805AB325DB35AD41CF50

Function 00CC9AC3 Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3724296437.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cc0000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f162541611f7480a794cca75e07d51424730ad6fe077f525bdf41324b2e9639
Instruction ID: b1b0453c20e749ad4fdd89a3f74e29137dc19f59ee768e21e3535b7c6414f117
Opcode Fuzzy Hash: 5f162541611f7480a794cca75e07d51424730ad6fe077f525bdf41324b2e9639
Instruction Fuzzy Hash: 82419D31A04249DFCF15CFA5D888B9EBFB2EF89310F108159E8159B2A1D330EE11DB91

Function 04E49500 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3726893896.0000000004E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4e40000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 987d38280eb6af6a253274b017054326da33a78d43d030b3c027fedca196c73a
Instruction ID: 6ded6777ac03b07fd4e043b7333b8b6ac857995cf3a287f436e3d3a9a40fa4cb
Opcode Fuzzy Hash: 987d38280eb6af6a253274b017054326da33a78d43d030b3c027fedca196c73a
Instruction Fuzzy Hash: 93418D71E002199BDB14DFB9D880ADFBBF1AFC8710F249529E415B7240EB70AD46CB90

Function 04E49A49 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3726893896.0000000004E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4e40000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ecccccb1863f81adc2eba7ebbbf0096f2248550b5037c0815ae448b329d6701f
Instruction ID: 1b9eac96baaddd638fa88f09375fad1f1d303acc78483b9f9202c0006a4d4787
Opcode Fuzzy Hash: ecccccb1863f81adc2eba7ebbbf0096f2248550b5037c0815ae448b329d6701f
Instruction Fuzzy Hash: C041E3B8E017488FDB14DFA9D594BEEBBF1BB88300F209129D415B72A5DB346946CF50

Function 04E49A58 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3726893896.0000000004E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4e40000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b68de5772f30af92e5a409c7a758bdd505ae89d34772e7f871c61f8a95ec537
Instruction ID: 87985e98d0d47d35f5c07139c67094ffb00626d81a67c7e463628bbb91454bc9
Opcode Fuzzy Hash: 3b68de5772f30af92e5a409c7a758bdd505ae89d34772e7f871c61f8a95ec537
Instruction Fuzzy Hash: 3441D1B4E016488FDB14DFA9D584BEDBBF2BB88300F209129D415A7294DB346946CF50

Function 00CC4E20 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3724296437.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cc0000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c2dca5e428250095af2c52b8bb5b7e133edba02c4fcfd3423906fe6e5ff5917
Instruction ID: 4e622a11a5718d3e3f45064c73ba3ed985cefdfd04eb314b85a0a6f54295df4b
Opcode Fuzzy Hash: 6c2dca5e428250095af2c52b8bb5b7e133edba02c4fcfd3423906fe6e5ff5917
Instruction Fuzzy Hash: 4A319F75304189AFCF069F65D854BBE7BA2FB88311F108028F9158B251CB35DE61DBA1

Function 04E4DCB1 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3726893896.0000000004E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4e40000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca3d54a3940fa54dff7be1b0d3e56dd5d1b90d595ea33efd711499b3fe90ba65
Instruction ID: a0cb351adb6ce52ae2b95a090587b723994b9f0fd5eca6882dd458684e60949c
Opcode Fuzzy Hash: ca3d54a3940fa54dff7be1b0d3e56dd5d1b90d595ea33efd711499b3fe90ba65
Instruction Fuzzy Hash: 7731BF71901609CFE704AFB5E85C7EEBBB1FB4A306F209859D015672D1DBB81645CF90

Function 00CC7730 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3724296437.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cc0000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77e3e7d03aa6c927e3725e981b93d49aa40e990b21c94eb20242be22d2301ab4
Instruction ID: b117e9157e14682bbd52ad88391116f8618d7eae4f5eef195dc78a2f03fe22df
Opcode Fuzzy Hash: 77e3e7d03aa6c927e3725e981b93d49aa40e990b21c94eb20242be22d2301ab4
Instruction Fuzzy Hash: DF2106307082404BDF26573AD898F7D6A96EFC8754728413DDA16CB7E5DE25CC42DB80

Function 00CC7740 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3724296437.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cc0000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa53b7572c6a28ccf1e23b2fff62c539742a3637855af3372c66f974ea6d50f3
Instruction ID: 4b4044b6611bc805610c893f0999ea9bb03fca6cd5678c079325ad65ab774793
Opcode Fuzzy Hash: aa53b7572c6a28ccf1e23b2fff62c539742a3637855af3372c66f974ea6d50f3
Instruction Fuzzy Hash: 7121AF30B082104BEF25163AD898F7E6686EFC8754B24413CDA26DB7D4EE25CC42EB90

Function 00CCA869 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3724296437.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cc0000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f7f70cf4df32918722c6e94859762b33fb8516681e5354626db78f537ceffc5
Instruction ID: 6d6f22ebb5a1697318d61d4675b6c7571de6b5f77102e25194ec4f1d427c8fed
Opcode Fuzzy Hash: 3f7f70cf4df32918722c6e94859762b33fb8516681e5354626db78f537ceffc5
Instruction Fuzzy Hash: 8831A470A006098FCB04CF69C889EAEBBB2BF85354B15825DE555DB3B2DB31DD02CB91

Function 00C6D005 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3720361254.0000000000C6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C6D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_c6d000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9e027221997d1787826da955ea2a329103f6e7998a7bd5c4894f298923bb241
Instruction ID: eb7c58ad8304816c55082bedb0e67e4ff4ef7cc358e5e14ce7e3862ff2afec34
Opcode Fuzzy Hash: b9e027221997d1787826da955ea2a329103f6e7998a7bd5c4894f298923bb241
Instruction Fuzzy Hash: 13314F7550D3C49FCB13CB20C994715BF71AF47214F2985DBD9898F2A3C27A980ACB62

Function 00CC5AB8 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3724296437.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cc0000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be0596f6eebcc2168ab3f4c9a545b1f7c0234bbf412d6838257ea44675571991
Instruction ID: 51f4d33da1b8915a2c2cc747d1b465fd32edaeeeabb6a5d683af18e5c1c37d78
Opcode Fuzzy Hash: be0596f6eebcc2168ab3f4c9a545b1f7c0234bbf412d6838257ea44675571991
Instruction Fuzzy Hash: 7A21A135704A518FC7199B25D8A4B2EBB52BF88751715417DE816CB764CF30EC42C790

Function 00CC20B8 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3724296437.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cc0000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6dd912e2e3c7af3803604960bfdd506ef15460ecac8aaf758c1ae6138c46178e
Instruction ID: 8490f718d1cf096bbb019d935d404a0713f5db0af580f80677c0352c128b20bb
Opcode Fuzzy Hash: 6dd912e2e3c7af3803604960bfdd506ef15460ecac8aaf758c1ae6138c46178e
Instruction Fuzzy Hash: C521C435A002059FCB14DB28C840FAE3BF5EB99350F65C51DE91A9B258EB31EF46CB80

Function 00C6D044 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3720361254.0000000000C6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C6D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_c6d000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e99a5361c242258393d09f641414aab069cb14d2a86f04b1a558437a57d23c73
Instruction ID: 5e13e7af13e7c603051fd414764421cf8a936ccfee82272a91a21e818cf4ee9a
Opcode Fuzzy Hash: e99a5361c242258393d09f641414aab069cb14d2a86f04b1a558437a57d23c73
Instruction Fuzzy Hash: 9C21C275A04204AFDB24DF20D9C4B26BBA5FB84314F24C56DE94A4F292C776D847CA62

Function 04E496F0 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3726893896.0000000004E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4e40000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 220b19ac0ef4ef06720cd7abeaadac1638343a6202fc76730153f00ef495cbbf
Instruction ID: 8414a0709fc8be2cb6365d188730b17a986a3a652d8bbe9db1229d8f57383658
Opcode Fuzzy Hash: 220b19ac0ef4ef06720cd7abeaadac1638343a6202fc76730153f00ef495cbbf
Instruction Fuzzy Hash: 101129357093841FEB066FB8682026E3F63DFC5244715446EE905DB392CE388D0683E6

Function 00CC4E11 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3724296437.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cc0000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1dfda90433b8a61ce1ff0b3a3bde00768e453ffef9ffcd4ea2f6c8e26967bc8
Instruction ID: b5273d6f5dce1236aad81f0ac5893cf85b6ca4ab9f8205f5bdcee748602d7bb4
Opcode Fuzzy Hash: e1dfda90433b8a61ce1ff0b3a3bde00768e453ffef9ffcd4ea2f6c8e26967bc8
Instruction Fuzzy Hash: 8621F3757041889FCB099F64E854B6E7BA2FB84311F10806CF9168B355CB34CE55CBE0

Function 04E4E0C0 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3726893896.0000000004E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4e40000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1231141662f00e29440cc78a1b1ee80014ff980b09e0a4a565c66de9adb365d9
Instruction ID: 9ac805a69f3c3b6c44a3e3307ed68634611b6cbdca2f37148f3af4eee3d4328d
Opcode Fuzzy Hash: 1231141662f00e29440cc78a1b1ee80014ff980b09e0a4a565c66de9adb365d9
Instruction Fuzzy Hash: DA1108317042808FE7150B7A6C547BFBBA7AFC9210B28447BE50AC73E6CD248C0A8370

Function 00CC5AC8 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3724296437.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cc0000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 739a62e6f45488f6fb9ab02b05131f83452369db6a7ad87fc763705378693b13
Instruction ID: 8c7425dd215d3f5ba8f4f0950acd39025c4b82cebd37e22d2f124950e22bc944
Opcode Fuzzy Hash: 739a62e6f45488f6fb9ab02b05131f83452369db6a7ad87fc763705378693b13
Instruction Fuzzy Hash: 6B118235300A119FC7199B2AD8A4B2EBB96BF8875171541BDE816CB350CF31EC4287D0

Function 00CCE0B9 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3724296437.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cc0000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6376fcf68218af187ad8694ee8f886cd0d7f85c2be02f0295fa9e89fd33c8180
Instruction ID: 29147176c15587af3708b79d96eea4018a2bb9a20ff80cf4b46290e217a492e6
Opcode Fuzzy Hash: 6376fcf68218af187ad8694ee8f886cd0d7f85c2be02f0295fa9e89fd33c8180
Instruction Fuzzy Hash: 25218E78D012099FEB45EFB9D94178EBBF2EB85300F14C1A9D0189B365EB704A06DB81

Function 00CC1FB8 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3724296437.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cc0000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e6911ca161291d33cb93edb7e89d9dc434d4e96c8c7a25e49201177611a481e
Instruction ID: a02f1807276715ae75ae88a4d6f4e10954eea1d42ea0182153b29971f404a4c9
Opcode Fuzzy Hash: 8e6911ca161291d33cb93edb7e89d9dc434d4e96c8c7a25e49201177611a481e
Instruction Fuzzy Hash: 2121D3B4C046498FCB44EFA9D9956EEBFF0FF0A300F10516AD809B7220EB305A45CBA1

Function 04E49999 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3726893896.0000000004E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4e40000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fdb39285734232de429c126b20e4f599317dbb6975115ede7d9c2432205029be
Instruction ID: 3bafc7c811a6e499e1b3d2648776b4bdf523f2c8a3a3901460443c4c25fa20e0
Opcode Fuzzy Hash: fdb39285734232de429c126b20e4f599317dbb6975115ede7d9c2432205029be
Instruction Fuzzy Hash: 071156B6800349DFDB20CF99D845BEEBFF4EB88320F148419E558A7251C339A550DFA5

Function 04E49280 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3726893896.0000000004E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4e40000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a5b0271f38ee5f5b329412692e8e285876b5b904c3610b977d1224748813d09
Instruction ID: f34cc5adb7f0ab88ca33beb66bc2ece3d5a77d6fb19ce081b7b147379917bba3
Opcode Fuzzy Hash: 4a5b0271f38ee5f5b329412692e8e285876b5b904c3610b977d1224748813d09
Instruction Fuzzy Hash: 3F1156B6800249DFDB20CF99D905BEEBBF4EB48324F148419EA14A7251C339A550DFA5

Function 00CCE0C8 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3724296437.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cc0000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c4bd969a546a203b15e4aa7277c0dbe082f11e821bddc23b6d0a153017d345d
Instruction ID: bc64cb2a2db5abe78972b70b50fb85058b287f4491c981b9346112412e6b410a
Opcode Fuzzy Hash: 0c4bd969a546a203b15e4aa7277c0dbe082f11e821bddc23b6d0a153017d345d
Instruction Fuzzy Hash: F8117C78D0020A9FDB44EFB9D94078EBBF2FB84300F10C1A9D0189B355EBB05A46DB81

Function 04E48EC1 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3726893896.0000000004E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4e40000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e945a96452e0016331c8828d3c56b3360b60a8ba9e5a2099aea570cff502e75
Instruction ID: 6d33c44348fe124c8bf9abdafc547d1b9283d6e29ad45049522aafe06c6a5bf9
Opcode Fuzzy Hash: 8e945a96452e0016331c8828d3c56b3360b60a8ba9e5a2099aea570cff502e75
Instruction Fuzzy Hash: 36113378F001498FDB00EFA8E954BDEBBF5FB84311F009055E858AB345E730A9428F51

Function 00CC565F Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3724296437.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cc0000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af0df62de9e12d04d3173331af7a5d35ec330683b2dc1e74f789d555bc6e193e
Instruction ID: 9963e206559b5b34efc15812edc4528d1d628e1f31322cc9c52de955afc86c4e
Opcode Fuzzy Hash: af0df62de9e12d04d3173331af7a5d35ec330683b2dc1e74f789d555bc6e193e
Instruction Fuzzy Hash: 120128B2B041846FDB068E65DC10BAF7FA7DBC8352B24803EF914CB290CA71DD4297A1

Function 04E42670 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3726893896.0000000004E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4e40000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a1d047d3cd5b716e9f9e5a6c3dbf3e1c1283ac38acc702d9b00d840469ec449
Instruction ID: 3fbb908e24c7c892dcb856d51d31ff11d821574a5f5b6fcf07909d405d416a1e
Opcode Fuzzy Hash: 4a1d047d3cd5b716e9f9e5a6c3dbf3e1c1283ac38acc702d9b00d840469ec449
Instruction Fuzzy Hash: 4B11AD71B00620CFD790EF7CE508AAEBBF0EF89261B1514B9E455DB361DA31D802CB91

Function 04E425E8 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3726893896.0000000004E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4e40000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25f40e27311b673c2c284e64d19140ce3945ff031ba6e399a08f6e8a240b05fd
Instruction ID: 0343f14137f806c6087c36004d0328ff989b23eef2357986d353b254213a14c6
Opcode Fuzzy Hash: 25f40e27311b673c2c284e64d19140ce3945ff031ba6e399a08f6e8a240b05fd
Instruction Fuzzy Hash: BA01FB70E002198FCF54EFB9D840AEEBBF5BF88240F0085A9E519E7250E73459018F90

Function 04E49760 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3726893896.0000000004E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4e40000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3531e8edea32d4b699f7656d04799bd1883a66fa5bde92ad7a2713edc6deefa4
Instruction ID: 23a3f43f98658ac8cb4494d15577c7dd0a2f76f2a393ae6256da1420cb35afe2
Opcode Fuzzy Hash: 3531e8edea32d4b699f7656d04799bd1883a66fa5bde92ad7a2713edc6deefa4
Instruction Fuzzy Hash: ABF0E2363002186F9F069E98A8009EF7BABEFC8360B004429FA0997351CA319C2197B5

Function 00CCDDD0 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3724296437.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cc0000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3a322aba1a9e0f2cad8095bca03df985fd204afe0e643bf1e16dc36729ca206
Instruction ID: 8cfd5fd4586528fd6616737bcadd04e263e74e321e9309673f930196353f80a7
Opcode Fuzzy Hash: e3a322aba1a9e0f2cad8095bca03df985fd204afe0e643bf1e16dc36729ca206
Instruction Fuzzy Hash: 6BE02230D00304CBE7068BA6EC087AA7AB19786302F405078C1296B271CBB14905DB91

Function 00CC2068 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3724296437.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cc0000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13e90ca528965c9c25c16336e1bc24a06aba0b5749dc421fc1f5df3786db2239
Instruction ID: e055668485e8b63fceb588e405e27ced65aa24d0cf1ebfbbddd623619f7572b4
Opcode Fuzzy Hash: 13e90ca528965c9c25c16336e1bc24a06aba0b5749dc421fc1f5df3786db2239
Instruction Fuzzy Hash: C7E0D8319243A54FC70697B498540FEBF74ADC7321B5586BAD45077044E731151AC761

Function 00CC2078 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3724296437.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cc0000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f64d79f0d76e250d9593e34ed76a697e95b57fd3c87249cd87bb9bae35454b2
Instruction ID: 57fcb7b713a7cc3cda5ba3b18cc872e01c18247b14ea8750140405754ef26a03
Opcode Fuzzy Hash: 5f64d79f0d76e250d9593e34ed76a697e95b57fd3c87249cd87bb9bae35454b2
Instruction Fuzzy Hash: 84D02B31D2032A43CB00E7A5DC044EFFB38EEC1322B918322D41033000FB312658C2E1

Function 00CC82B8 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3724296437.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cc0000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
Instruction ID: 21c5b7516997bcf46a896ee4299b0c9361d0ec0e1d636c59833cbd28a46a97d5
Opcode Fuzzy Hash: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
Instruction Fuzzy Hash: 60C0127320C1282AA224508EBC44EA3AA8CC2C1BB4A25017BF92CA3201AC429C8441A4

Function 00CCA76D Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3724296437.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cc0000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a69fd449ebcb02e035b986a05959854c9086e53fef5ee26eb1f7eea1d6a68552
Instruction ID: 0e2ec8e580af2fc50a4c393ef9cad46d840e38ccd417b5518bd268c4a5b01cf0
Opcode Fuzzy Hash: a69fd449ebcb02e035b986a05959854c9086e53fef5ee26eb1f7eea1d6a68552
Instruction Fuzzy Hash: D1D0677AB110089FDF049F98EC809DDB7B6FB9C221B548116E915A7260C631A925DB90

Function 00CC5F00 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3724296437.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cc0000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da412f600d458dc464d7f9f668b15eaac46910a0a71f8a50979c66e9e7b09cd7
Instruction ID: 0ef730c2c31b98c8c3f08ba90adab71734201b6109dec8bb7a93bf2886f80069
Opcode Fuzzy Hash: da412f600d458dc464d7f9f668b15eaac46910a0a71f8a50979c66e9e7b09cd7
Instruction Fuzzy Hash: DDD0C27D9083C21BD712F330A8A14483B222980504B5045E9E80209826DBA6444A8B62

Function 00CC5F10 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3724296437.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cc0000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d88183aa0a75ffc22d53f1f3bba11d459b839106e9762422027862277c985749
Instruction ID: 3937ad5e1691cd3e4105000321f2a957135c77d81b9ccb9d0b8205f205895830
Opcode Fuzzy Hash: d88183aa0a75ffc22d53f1f3bba11d459b839106e9762422027862277c985749
Instruction Fuzzy Hash: 96C0803C500B4A4BD511F771FD4565D336B76C0610F404970F40A0D929DFF5694597F6

Non-executed Functions

Function 04E42807 Relevance: 12.9, Strings: 10, Instructions: 389COMMON

Download Yara Rule

Strings

PHq, xrefs: 04E42CF6
PHq, xrefs: 04E42EE6
Hq, xrefs: 04E42869
PHq, xrefs: 04E42BEA
", xrefs: 04E43087
PHq, xrefs: 04E42ED2
PHq, xrefs: 04E42CE2
PHq, xrefs: 04E42DD7
PHq, xrefs: 04E42DEB
PHq, xrefs: 04E42BFE

Memory Dump Source

Source File: 00000002.00000002.3726893896.0000000004E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4e40000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID: "$Hq$PHq$PHq$PHq$PHq$PHq$PHq$PHq$PHq
API String ID: 0-2204202469
Opcode ID: 1928b498ce2766d9ab3cd6c061ada941dd0f34642cc59a3c42b74a5616199c2b
Instruction ID: 5d7bdac621881e16a1c5b850bd05104ad0c1b0f310b50b4b04a844892b70cb03
Opcode Fuzzy Hash: 1928b498ce2766d9ab3cd6c061ada941dd0f34642cc59a3c42b74a5616199c2b
Instruction Fuzzy Hash: 0412D374E002188FEB68DF65D944BDDBBB2BF89300F2081A9D809AB365DB755E85CF14

Function 00CCE3E8 Relevance: .6, Instructions: 596COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3724296437.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cc0000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd770045ce72520a713ae263c8f1eaf35d30018c0f6b2f70ec60be93eb921de1
Instruction ID: 3ab9d445e3efc3f5ddfa3863068456ea16617bc008e1e77339c6f4c5a644f1d1
Opcode Fuzzy Hash: bd770045ce72520a713ae263c8f1eaf35d30018c0f6b2f70ec60be93eb921de1
Instruction Fuzzy Hash: 1052AB74E01268CFDB64DF65C984B9DBBB2BB89301F1081EAD409AB264DB359E81DF50

Function 04E408F0 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3726893896.0000000004E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4e40000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: efcb932ea655739340590727884e31d42ed94aec8746c6e3648d13ac0aa925ad
Instruction ID: 3c80123f8c8fc3b63798e4836ed8bef23ed4a496ed8aa839b194f0b48ae6c681
Opcode Fuzzy Hash: efcb932ea655739340590727884e31d42ed94aec8746c6e3648d13ac0aa925ad
Instruction Fuzzy Hash: CEC1B274E00218CFEB54DFA5D984B9DBBB2BF88304F2081A9D409AB355DB35AE85DF50

Function 04E474A8 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3726893896.0000000004E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4e40000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51e187d08450eb406084add587014db6222f5aefd3c9e0c4d42850565f46f4d3
Instruction ID: 1bfdbd98c22e5bb8295c5be9d5b81fd6aaf2e42d7e16e366691868328909d6cf
Opcode Fuzzy Hash: 51e187d08450eb406084add587014db6222f5aefd3c9e0c4d42850565f46f4d3
Instruction Fuzzy Hash: 93C1B374E00218CFEB54DFA5D984B9DBBB2BF88304F2081A9D409AB355DB35AE85DF50

Function 04E40498 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3726893896.0000000004E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4e40000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c5686d843a2dc0314988ebb50ea08840320a60db80332e5717eec7a82dc055f
Instruction ID: 51dc5f4f3f8559cc30fac8331bb0f48fee48af6776ad5aa87557c9cc6fa1c331
Opcode Fuzzy Hash: 3c5686d843a2dc0314988ebb50ea08840320a60db80332e5717eec7a82dc055f
Instruction Fuzzy Hash: DAC1B374E00218CFEB54DFA5D984B9DBBB2BF88304F2081A9D409AB355DB35AE85DF50

Function 04E40040 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3726893896.0000000004E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4e40000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dfacdac179940be32d801fe8ac5ef055e67bca2df1fe3b02a079e8a0a870fa00
Instruction ID: 098f9674a9b4f9bed334014acd9e37b480b527c66a964824e0af34c3c3d9b9e6
Opcode Fuzzy Hash: dfacdac179940be32d801fe8ac5ef055e67bca2df1fe3b02a079e8a0a870fa00
Instruction Fuzzy Hash: 4BC1C374E00218CFEB54DFA5D984B9DBBB2BF88304F2081A9D409AB365DB356E81DF50

Function 04E47050 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3726893896.0000000004E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4e40000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb374ee3cd85997d7a168d9d98ec48b674c98884e4108cd39db9ad856a10a240
Instruction ID: 7f4e4276610584598a26a55d866c844b821496ef82f693a3d04403b3d589b59b
Opcode Fuzzy Hash: bb374ee3cd85997d7a168d9d98ec48b674c98884e4108cd39db9ad856a10a240
Instruction Fuzzy Hash: E1C1D474E00218CFEB54DFA5D984B9DBBB2BF88304F1091A9D409AB355DB356E81DF50

Function 04E481B0 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3726893896.0000000004E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4e40000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc9c9dd1075d9d99cb404eb1d6e6fd9c3e8c23acce91e322a4cce82b1cf212a4
Instruction ID: 7523412e5340e78d436dbf4926d6f5eac8469725fbdb70e5471fd0c416f4e69c
Opcode Fuzzy Hash: bc9c9dd1075d9d99cb404eb1d6e6fd9c3e8c23acce91e322a4cce82b1cf212a4
Instruction Fuzzy Hash: 15C1C374E00218CFEB54DFA5D984B9DBBB2BF88304F2080A9D409AB355DB35AE85DF50

Function 04E45198 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3726893896.0000000004E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4e40000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e8a25137e2e84c6f511c1b289de5a40b4ab13184b873f807e03eea41acb334a
Instruction ID: f69ad71c5b8e973e24bcc484f252243a48fd275a661c18a88438962e568bbe46
Opcode Fuzzy Hash: 3e8a25137e2e84c6f511c1b289de5a40b4ab13184b873f807e03eea41acb334a
Instruction Fuzzy Hash: C5C1B474E00218CFEB54DFA5D984BADBBB2BF88304F2081A9D409AB355DB359E85DF50

Function 04E40D48 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3726893896.0000000004E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4e40000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8839b4ab7b57fa67e2411c78690646b4caa053b25e44f2e7b22d4fc7df88be75
Instruction ID: 54941acdf3c0295c449e219b41eeae4675243c79de9791978ffe93c82501fd42
Opcode Fuzzy Hash: 8839b4ab7b57fa67e2411c78690646b4caa053b25e44f2e7b22d4fc7df88be75
Instruction Fuzzy Hash: 24C1B374E00218CFEB54DFA5D984B9DBBB2BF88304F1081A9D409AB365DB356E85DF50

Function 04E47D58 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3726893896.0000000004E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4e40000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8acb56ddc17d841fae97e67617eef35d9649a357863bf943ef186c30d438389e
Instruction ID: f24c007ba0cf2de378f522795bf0563bb76e59ea84d0efc1c5c8dd7a33b51ec8
Opcode Fuzzy Hash: 8acb56ddc17d841fae97e67617eef35d9649a357863bf943ef186c30d438389e
Instruction Fuzzy Hash: BCC1C374E00218CFEB54DFA5D984B9DBBB2BF88304F2081A9D409AB365DB356E85DF50

Function 04E47900 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3726893896.0000000004E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4e40000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5c506114b9a58053e59d8f1a6dba8fe533c2b0d677dc31f6f60b79de91f7b9f
Instruction ID: 0895fa54b8a4cc448bb7defb381722771ce3d431999932108c9cfb2fdd39b7f1
Opcode Fuzzy Hash: d5c506114b9a58053e59d8f1a6dba8fe533c2b0d677dc31f6f60b79de91f7b9f
Instruction Fuzzy Hash: BEC1C274E00218CFEB54DFA5D984B9DBBB2BF88304F2090A9D409AB355DB35AE85DF50

Function 04E45EC8 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3726893896.0000000004E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4e40000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1375ebd926d6e828dea210ff21acdd57a9d030962b3bd7f293539818593a35f5
Instruction ID: e7fb26e5c1db9c7ad4ad6c942a224aaf32b809db8c525e297110f312b54fc6ed
Opcode Fuzzy Hash: 1375ebd926d6e828dea210ff21acdd57a9d030962b3bd7f293539818593a35f5
Instruction Fuzzy Hash: EFC1C374E00218CFEB54DFA5D984B9DBBB2BF89304F2081A9D409AB355DB35AE85DF10

Function 04E45A70 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3726893896.0000000004E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4e40000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a94ddb0c5fcd2f8536a616606d0c728f14e96a442dec48658e0135fd95d97bac
Instruction ID: d915c20fcf0bbac50b686035ea8f8b2b84e9f2532c379fa7c99d2a4003cb16c9
Opcode Fuzzy Hash: a94ddb0c5fcd2f8536a616606d0c728f14e96a442dec48658e0135fd95d97bac
Instruction Fuzzy Hash: BCC1B474E00218CFEB54DFA5D984B9DBBB2BF88304F2080A9D409AB355DB35AE85DF50

Function 04E45618 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3726893896.0000000004E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4e40000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea8b01414870aa0d4cdf1b686bf93f38aae0159787c6eaa6814604ffe943b8e9
Instruction ID: 2cad994d598ebbceb9945dad17f69ce3060c136b50252864e6aa86285c59a088
Opcode Fuzzy Hash: ea8b01414870aa0d4cdf1b686bf93f38aae0159787c6eaa6814604ffe943b8e9
Instruction Fuzzy Hash: 83C1C374E00218CFEB54DFA5D984B9DBBB2BF88304F1080A9D409AB355DB35AE81DF50

Function 04E46BD0 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3726893896.0000000004E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4e40000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58aa6a47e40d69634d0233cc6212d9fa70c94cc426d98dd9f4d322bf8a0eddb4
Instruction ID: 2b2409858b0342c60b3cc818047337b4bd96c6e63216a8b064104807131ccba2
Opcode Fuzzy Hash: 58aa6a47e40d69634d0233cc6212d9fa70c94cc426d98dd9f4d322bf8a0eddb4
Instruction Fuzzy Hash: 07C1B274E00218CFEB54DFA5D984B9DBBB2BF89304F1080A9D409AB365DB35AE85DF50

Function 04E46778 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3726893896.0000000004E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4e40000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f8eeab59ca8367d8468a9a4a8a5a26d13b22dc52e0c809d4fe08079c3afeef0
Instruction ID: c54a0c0ac5deeca2ec22f8b02da5d5e868527688eda16c116153157213b2bb0e
Opcode Fuzzy Hash: 6f8eeab59ca8367d8468a9a4a8a5a26d13b22dc52e0c809d4fe08079c3afeef0
Instruction Fuzzy Hash: AFC1C474E00218CFEB54DFA5D984B9DBBB2BF89304F1080A9D409AB355DB35AE85DF50

Function 04E46320 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3726893896.0000000004E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4e40000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e02ff2318528a52085a1ec4a043a8efd8716e759d3431b47ede18c2811001b2
Instruction ID: b44fcc8b600848ecacad252aec0fd3bbacbb4efd68ebf048acb6106f81b571e5
Opcode Fuzzy Hash: 1e02ff2318528a52085a1ec4a043a8efd8716e759d3431b47ede18c2811001b2
Instruction Fuzzy Hash: BAC1C474E00218CFEB54DFA5D984B9DBBB2BF89304F1080A9D409AB355DB39AE85DF50

Function 04E433B8 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3726893896.0000000004E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4e40000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4513d492ea044e79e0142972507dd8b8589b65e568a9d94f3b4b1653a1c105f
Instruction ID: 9bdc886abe4f266793274c9582ad8961571be3d6ebd9136b78ac193b90042824
Opcode Fuzzy Hash: d4513d492ea044e79e0142972507dd8b8589b65e568a9d94f3b4b1653a1c105f
Instruction Fuzzy Hash: 80B1A574E00618CFDB54DFA9D884A9DBBB2FF89300F2481A9D819AB365DB34AD41CF50

Function 04E433A8 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3726893896.0000000004E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4e40000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec820bd07661217994e873eafa8602930c989d47f89b674c5b7bdf9ce4fd5937
Instruction ID: 163e1d1d3698c2f5c3de52658e7db4a00fdd7add72cf36084f6d442a7f08a411
Opcode Fuzzy Hash: ec820bd07661217994e873eafa8602930c989d47f89b674c5b7bdf9ce4fd5937
Instruction Fuzzy Hash: 26519974E016088FDB48DFAAD984A9DFBF2FF89300F249169D815AB365EB349941CF50

Function 00CC60E8 Relevance: 5.0, Strings: 4, Instructions: 49COMMON

Download Yara Rule

Strings

\;q, xrefs: 00CC60FE
\;q, xrefs: 00CC611A
\;q, xrefs: 00CC6126
\;q, xrefs: 00CC60F4

Memory Dump Source

Source File: 00000002.00000002.3724296437.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cc0000_MT Marine Tiger.jbxd

Similarity

API ID:
String ID: \;q$\;q$\;q$\;q
API String ID: 0-2933265366
Opcode ID: 6507a0622176c3a7e00dff147b62f2d0d6c6bfbf0b190b32580a12fbbfe87421
Instruction ID: 18bbde5969a3ea9221d83575dd658a13abbd570abce52b669b7d6f629cc805b4
Opcode Fuzzy Hash: 6507a0622176c3a7e00dff147b62f2d0d6c6bfbf0b190b32580a12fbbfe87421
Instruction Fuzzy Hash: 60017C31B001158F8B249A2ACA40F2973E6AF887A672D416EE416CB372DA31DC429791

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report MT Marine Tiger.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Snake Keylogger

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Location Tracking

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\MT Marine Tiger.exe.log

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

Windows Analysis Report
MT Marine Tiger.exe

Function 012DA548 Relevance: 1.7, APIs: 1, Instructions: 194
COMMON

Function 012DAB90 Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Function 012DCB38 Relevance: 1.6, APIs: 1, Instructions: 64
COMMON

Function 012D9930 Relevance: 1.6, APIs: 1, Instructions: 55
libraryCOMMON

Function 012DADB8 Relevance: 1.6, APIs: 1, Instructions: 51
libraryCOMMON

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre