General
-
Target
7c761e677c6c12bde4970fa37115e4a1.exe
-
Size
811KB
-
Sample
211207-ytvbkacfgr
-
MD5
7c761e677c6c12bde4970fa37115e4a1
-
SHA1
5bd39866c515d272e2f96fe633294f449e7ba7d8
-
SHA256
c8e971638c57e9cd838e2de9de072dec4a96ae780f722e99c21139732a133a51
-
SHA512
9c16693bbb5a4233344cbbecdb207347de6ca3b2c981b5300447dc67ffd8505dd20789f2b1cc298c55d3c14ce8fed5dcc71ad61b2b0ce131f72bbb7626a24871
Static task
static1
Behavioral task
behavioral1
Sample
7c761e677c6c12bde4970fa37115e4a1.exe
Resource
win7-en-20211104
Behavioral task
behavioral2
Sample
7c761e677c6c12bde4970fa37115e4a1.exe
Resource
win10-en-20211014
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.turkal.com - Port:
587 - Username:
info@turkal.com - Password:
Turkal2020!
Targets
-
-
Target
7c761e677c6c12bde4970fa37115e4a1.exe
-
Size
811KB
-
MD5
7c761e677c6c12bde4970fa37115e4a1
-
SHA1
5bd39866c515d272e2f96fe633294f449e7ba7d8
-
SHA256
c8e971638c57e9cd838e2de9de072dec4a96ae780f722e99c21139732a133a51
-
SHA512
9c16693bbb5a4233344cbbecdb207347de6ca3b2c981b5300447dc67ffd8505dd20789f2b1cc298c55d3c14ce8fed5dcc71ad61b2b0ce131f72bbb7626a24871
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-