General
-
Target
hesaphareketi-01.pdf.exe
-
Size
697KB
-
Sample
210622-5m1ex7kpz6
-
MD5
cdc09d114e7ef97e3b44f9e6a2c7eb31
-
SHA1
67b89cf2be7e7ad9470c741d3d0890d2b24844ae
-
SHA256
d997dfe7e6510a2a71d55a8653e0097c9171a0cbae9b9b315dc73320729d68cc
-
SHA512
74bf699baa77d9ce7792e1da1bed7a182775469a497d940ac7d21228d2d4b09e80fabeedf1366fcfe7ca38606009dc20cc740b0ff17fe0287f8f9183d5a08397
Static task
static1
Behavioral task
behavioral1
Sample
hesaphareketi-01.pdf.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
hesaphareketi-01.pdf.exe
Resource
win10v20210410
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.ekonaz.com
Port: 587
Username: bilgi@ekonaz.com
Password: 251925
Targets
Target
hesaphareketi-01.pdf.exe
-
Score
10/10
-
Snake Keylogger Payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-