General
Target: nakit.exe
Size: 587KB
Sample: 211202-tnhcladdf8
MD5: 1c07bd7e68247568357448dc81d45e53
SHA1: 88c96369e426a72d3043582115da7aa623b00e66
SHA256: ea11fa5c53db476858902d1ac3a763bf6da8e743b9dc3a508a203b18ffc2d9a5
SHA512: ffdb7e4dd2d67db9bb20ea5d2fd83d12c49feaa7a9ac49ef9c51c2971ce294e42c6db9ac4719b0007ec61f184c854d2004c88cd0d40078f49f6c9631e3ddd35a
Static task: static1
Behavioral task: behavioral1
Sample: nakit.exe
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: nakit.exe
Resource: win10-en-20211104
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.egesucuklari.com.tr
Port: 587
Username: info@egesucuklari.com.tr
Password: EgeTire1966
Targets
Target: nakit.exe
Score: 10/10
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext