General
-
Target
Dekont Swift Mesaji.exe
-
Size
970KB
-
Sample
211207-vhz6wsbegj
-
MD5
7dd3654a64ae8c4b4a1b34376ca00e97
-
SHA1
cf22f0375784b414f4ffd3c8044d7d9aad0c78da
-
SHA256
3f21db9d14aeead42447a3da72e51971ff0eaf006919824b02416bc0943ad551
-
SHA512
962b58e2f1ef564964f19c6500489a6ffa6dc22b67128dbf8ba1e8c64a60dbea4162be57c65f3fd93b5e8cc05857a9a212bcaa4c4730fe2b4a155083932a5f29
Static task
static1
Behavioral task
behavioral1
Sample
Dekont Swift Mesaji.exe
Resource
win7-en-20211104
Behavioral task
behavioral2
Sample
Dekont Swift Mesaji.exe
Resource
win10-en-20211104
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.eriminsaat.com.tr
Port: 587
Username: ercanerol@eriminsaat.com.tr
Password: ercan932016erim
Targets
Score
10/10
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-