General
-
Target
41350028216_20220706_13031864_HesapOzeti.exe
-
Size
46KB
-
Sample
220706-s9xhzageh9
-
MD5
5a34a2ba46c55fba36eff6abeb514e8f
-
SHA1
3da51cbca6040ddeab6c6219431ebbbc07cb1cd0
-
SHA256
439d62e7f383acd7a9d757ad499d7ba5992cfdfbefa5572ce0a79d4fe41bb40d
-
SHA512
583f20235d015980d9adef949e7c2d5be7392906bab27906b29b8286bd34e87c125fb87fb24e3e3a1ef993f3d31e3c6ff15163c0b5fd55086cb243f6588453b7
Static task
static1
Behavioral task
behavioral1
Sample
41350028216_20220706_13031864_HesapOzeti.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
41350028216_20220706_13031864_HesapOzeti.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot5166529015:AAHmXMIWF4K9IarF05CZj5gCu_oVRj3zFHc/sendMessage?chat_id=5170122971
Targets
-
-
Target
41350028216_20220706_13031864_HesapOzeti.exe
-
Score
10/10
-
Snake Keylogger Payload
-
Downloads MZ/PE file
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-