General
Target: nakit,docx.exe
Size: 654KB
Sample: 211201-psxwmafba8
MD5: 5b850d17d9cb0946da0dbc671d639001
SHA1: 4c0c2a45d97c6029cce2f8fb285d26f31c26e4ad
SHA256: 463a558653c43ed0fa666ea78e6c81fc542e4acd587014e8bb6b2a3504753bf8
SHA512: d664f906abd99b09e4fdbef12a08df92867d16e494744fcb1d7a59969c65b017d02c70ffc109c54e335d163ba425a629828ba7abc1822cc1aed1ee719482c256
Static task: static1
Behavioral task: behavioral1
Sample: nakit,docx.exe
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: nakit,docx.exe
Resource: win10-en-20211104
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.egesucuklari.com.tr
Port: 587
Username: info@egesucuklari.com.tr
Password: EgeTire1966
Targets
Score: 10/10
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext