General
-
Target
Halkbank_Ekstre_20210622_142426_2309801.doc.exe
-
Size
879KB
-
Sample
210622-sdfpzfr7re
-
MD5
cb77c03fa42464f67389a8c2b6d43c5c
-
SHA1
9e1569e129da250aa7d2e6267fe6c1354c6ed93f
-
SHA256
4f365f100ae64776f47ec98a4fb61a15d2d45f4534aaa82402b9530bc251fde0
-
SHA512
aecc71e514c987bf0aed701a8d2cf978775b2e002c46864bec7e6ef3dfbec76b18fefb834827438a25fe2543a32b503dce663467d5673a7440135ff331b558b2
Static task
static1
Behavioral task
behavioral1
Sample
Halkbank_Ekstre_20210622_142426_2309801.doc.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
Halkbank_Ekstre_20210622_142426_2309801.doc.exe
Resource
win10v20210408
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.jpentertainment.com.sg - Port:
587 - Username:
info@jpentertainment.com.sg - Password:
Esi@jpe3
Targets
-
-
Target
Halkbank_Ekstre_20210622_142426_2309801.doc.exe
-
Size
879KB
-
MD5
cb77c03fa42464f67389a8c2b6d43c5c
-
SHA1
9e1569e129da250aa7d2e6267fe6c1354c6ed93f
-
SHA256
4f365f100ae64776f47ec98a4fb61a15d2d45f4534aaa82402b9530bc251fde0
-
SHA512
aecc71e514c987bf0aed701a8d2cf978775b2e002c46864bec7e6ef3dfbec76b18fefb834827438a25fe2543a32b503dce663467d5673a7440135ff331b558b2
Score10/10-
Snake Keylogger Payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-