General

  • Target

    Halkbank_Ekstre_20220909_075819_154055.exe

  • Size

    1.2MB

  • Sample

    220911-hcb6naeghl

  • MD5

    d53c6c6294a684a7a255f421cd2e5117

  • SHA1

    f04853fc55d5c1e84f1ea440251282555bdb170c

  • SHA256

    464a4d27acc544fd3e4c8eaccc443e9e527f1afc1df0bea8fac7fe7962f4a217

  • SHA512

    a1aaf3f34cc7628dee1ca2a9c6fe0bd60c29e313f61bf924616e27c8f4efa5960fa1d5c543e6d30518b6a8524e3fb571ddf2be9aa95a05f4711b45acafe5b89f

  • SSDEEP

    12288:AA/2iNddBxvCxDVbIrAdaPKuMndpp74puKiKetYQBFl:519BU/QkWKuMndpquoeCC

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot5310184099:AAGxqu0IL8tjOF6Eq6x2u0gfcHhvuxRwfLU/sendMessage?chat_id=5350445922
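The C2 above is a Telegram Bot API call: the path element after `/bot` is the bot token (`<bot_id>:<secret>`) and `chat_id` in the query names the chat that receives the stolen data. Both are indicators worth extracting, and the token should be redacted before the report is shared, since anyone holding it can drive the bot. The following is an added example, not part of the sandbox report, showing how to pull those fields out of the recovered URL and then use the same parser to flag Bot API `send*` calls in proxy logs. The `|`-separated log format, the victim and allowlisted process paths, and the second bot token are all constructed for the example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# C2 URL as recovered from the sample's configuration (value taken from the report above).
EXTRACTED_C2 = (
    "https://api.telegram.org/bot5310184099:AAGxqu0IL8tjOF6Eq6x2u0gfcHhvuxRwfLU"
    "/sendMessage?chat_id=5350445922"
)

# Bot API URL layout: https://api.telegram.org/bot<bot_id>:<secret>/<method>
_BOT_PATH = re.compile(r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>[A-Za-z]+)$")

# Methods that move data out of the victim; getMe/getUpdates would be a bot reading instead.
EXFIL_METHODS = {"sendMessage", "sendDocument", "sendPhoto"}

# Constructed allowlist: process images of sanctioned in-house Telegram integrations.
ALLOWED_BOT_CLIENTS = {r"c:\opt\alertbot\python.exe"}


def parse_telegram_c2(url):
    """Split a Telegram Bot API URL into the fields worth recording as IOCs.

    Returns None when the URL is not a Bot API call. The bot token is the
    '<bot_id>:<secret>' path element; chat_id in the query names the receiving chat.
    """
    parts = urlsplit(url)
    if parts.hostname != "api.telegram.org":
        return None
    m = _BOT_PATH.match(parts.path)
    if not m:
        return None
    chat = parse_qs(parts.query).get("chat_id", [None])[0]
    return {
        "bot_id": m["bot_id"],
        "bot_token": f"{m['bot_id']}:{m['secret']}",
        "method": m["method"],
        "chat_id": chat,
    }


def detect_telegram_exfil(log_text):
    """Flag Bot API send* calls from any process image not on the allowlist.

    log_text holds one '|'-separated record per line: time|client_ip|image|http_method|url
    (a constructed format for this example).
    """
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, image, _http_method, url = line.split("|", 4)
        c2 = parse_telegram_c2(url)
        if c2 is None or c2["method"] not in EXFIL_METHODS:
            continue
        if image.lower() in ALLOWED_BOT_CLIENTS:
            continue
        hits.append({"time": ts, "client": client, "image": image, **c2})
    return hits


# Constructed proxy log: the victim's IP lookup and Telegram exfil, plus two benign lines.
SAMPLE_PROXY_LOG = r"""
2022-09-11T07:58:19Z|10.0.0.15|C:\Users\ali\AppData\Roaming\Halkbank_Ekstre_20220909_075819_154055.exe|GET|http://checkip.dyndns.org/
2022-09-11T07:58:21Z|10.0.0.15|C:\Users\ali\AppData\Roaming\Halkbank_Ekstre_20220909_075819_154055.exe|POST|https://api.telegram.org/bot5310184099:AAGxqu0IL8tjOF6Eq6x2u0gfcHhvuxRwfLU/sendMessage?chat_id=5350445922
2022-09-11T08:02:40Z|10.0.0.22|C:\opt\alertbot\python.exe|POST|https://api.telegram.org/bot1234567890:AAHconstructedInHouseBotToken/sendMessage?chat_id=-1001
2022-09-11T08:05:02Z|10.0.0.31|C:\Program Files\Google\Chrome\Application\chrome.exe|GET|https://web.telegram.org/k/
"""

if __name__ == "__main__":
    print(parse_telegram_c2(EXTRACTED_C2))
    for hit in detect_telegram_exfil(SAMPLE_PROXY_LOG):
        print(hit)
```

The allowlist is keyed on the process image rather than on the bot token because the token is attacker-controlled and changes between builds; keying on the sanctioned client binary keeps the rule stable while still catching any new token a stealer ships with. Matching the host alone would also fire on ordinary Telegram web traffic, hence the check on the `/bot<token>/send*` path shape.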

Targets

    • Target

      Halkbank_Ekstre_20220909_075819_154055.exe

    • Size

      1.2MB

    • MD5

      d53c6c6294a684a7a255f421cd2e5117

    • SHA1

      f04853fc55d5c1e84f1ea440251282555bdb170c

    • SHA256

      464a4d27acc544fd3e4c8eaccc443e9e527f1afc1df0bea8fac7fe7962f4a217

    • SHA512

      a1aaf3f34cc7628dee1ca2a9c6fe0bd60c29e313f61bf924616e27c8f4efa5960fa1d5c543e6d30518b6a8524e3fb571ddf2be9aa95a05f4711b45acafe5b89f

    • SSDEEP

      12288:AA/2iNddBxvCxDVbIrAdaPKuMndpp74puKiKetYQBFl:519BU/QkWKuMndpquoeCC

    • Snake Keylogger

      Keylogger and infostealer first seen in November 2020. It harvests saved credentials from browsers, email clients and FTP clients and exfiltrates them over SMTP, FTP or, as in this sample, the Telegram Bot API.

    • Snake Keylogger payload

    • Reads data files stored by FTP clients

      Tries to read configuration files of FTP clients such as FileZilla (sitemanager.xml and recentservers.xml), which hold saved server addresses, usernames and passwords.

    • Reads user/profile data of local email clients

      Email clients keep account settings and cached credentials on disk, which infostealers routinely harvest.

    • Reads user/profile data of web browsers

      Stored browser data includes saved logins, cookies and autofill entries, all of which infostealers routinely harvest.

    • Accesses Microsoft Outlook profiles

      Outlook keeps per-account settings, including stored credentials, under the per-user Profiles registry key, which is why infostealers read it.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to learn the infected system's external IP so it can be included in the exfiltrated report. The lookup itself is benign traffic and is only meaningful alongside the credential-access behaviours above.

    • Suspicious use of SetThreadContext

      Setting another thread's context is a typical step in process hollowing: the loader starts a legitimate process suspended, writes its payload into it and redirects the main thread's entry point before resuming it. On its own the API call is a weak indicator; it is the combination with the credential-access behaviours above that matters.
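The signatures listed above are individually weak (a browser reads its own Login Data, an FTP client reads its own site list, the IP lookup is plain HTTP) and only become convincing when one process exhibits several of them. The following is an added example, not code from the sandbox or the report, that turns those signature descriptions into rules over Sysmon-style host events, ignores reads by the data's own application, and flags a process once it shows at least two distinct credential-access behaviours. The event tuple layout, the pids, the user profile paths and the rule patterns (FileZilla, Thunderbird, Outlook, Chrome/Edge/Firefox, a few public IP-lookup hosts) are assumptions made for the example.

```python
import re
from collections import defaultdict

# Rules: (signature name as worded in the report, event type, regex on the event target,
# process names that legitimately read that data and are therefore ignored).
RULES = [
    ("Reads data files stored by FTP clients", "file_read",
     r"\\filezilla\\(sitemanager|recentservers|filezilla)\.xml$", {"filezilla.exe"}),
    ("Reads user/profile data of local email clients", "file_read",
     r"\\thunderbird\\(profiles\.ini|.*\\(logins\.json|key4\.db))$", {"thunderbird.exe"}),
    ("Accesses Microsoft Outlook profiles", "reg_read",
     r"\\(office\\\d+\.0\\outlook\\profiles|windows messaging subsystem\\profiles)", {"outlook.exe"}),
    ("Reads user/profile data of web browsers", "file_read",
     r"\\(google\\chrome|microsoft\\edge|mozilla\\firefox)\\.*\\(login data|web data|cookies|logins\.json)$",
     {"chrome.exe", "msedge.exe", "firefox.exe"}),
    ("Looks up external IP address via web service", "dns",
     r"^(checkip\.dyndns\.org|api\.ipify\.org|ipinfo\.io|ip-api\.com)$", set()),
    ("Suspicious use of SetThreadContext", "api", r"^SetThreadContext$", set()),
]
COMPILED = [(name, etype, re.compile(pat, re.IGNORECASE), owners) for name, etype, pat, owners in RULES]

# The four credential-access signatures; the IP lookup and SetThreadContext are supporting evidence only.
CREDENTIAL_SIGS = {name for name, _, _, _ in RULES[:4]}


def match_signatures(events):
    """Return {pid: {signature: [targets]}} for every event that matches a rule.

    events are (pid, image path, event type, target) tuples, the shape a Sysmon-style
    collector would emit (assumed here). Reads by the data's own application are ignored.
    """
    hits = defaultdict(lambda: defaultdict(list))
    for pid, image, etype, target in events:
        basename = image.rsplit("\\", 1)[-1].lower()
        for name, rule_type, rx, owners in COMPILED:
            if etype == rule_type and basename not in owners and rx.search(target):
                hits[pid][name].append(target)
    return {pid: dict(sigs) for pid, sigs in hits.items()}


def flag_infostealers(events, min_credential_sigs=2):
    """Return {pid: sorted signature names} for processes showing at least
    min_credential_sigs distinct credential-access behaviours."""
    flagged = {}
    for pid, sigs in match_signatures(events).items():
        if len(CREDENTIAL_SIGS & set(sigs)) >= min_credential_sigs:
            flagged[pid] = sorted(sigs)
    return flagged


# Constructed events: the sample (pid 4120) touching everything the report lists, plus
# the same paths read by their own applications and an unrelated DNS lookup.
SAMPLE_IMAGE = r"C:\Users\ali\AppData\Roaming\Halkbank_Ekstre_20220909_075819_154055.exe"
SAMPLE_EVENTS = [
    (4120, SAMPLE_IMAGE, "file_read", r"C:\Users\ali\AppData\Roaming\FileZilla\recentservers.xml"),
    (4120, SAMPLE_IMAGE, "file_read", r"C:\Users\ali\AppData\Roaming\Thunderbird\profiles.ini"),
    (4120, SAMPLE_IMAGE, "reg_read", r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"),
    (4120, SAMPLE_IMAGE, "file_read", r"C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (4120, SAMPLE_IMAGE, "dns", "checkip.dyndns.org"),
    (4120, SAMPLE_IMAGE, "api", "SetThreadContext"),
    (1532, r"C:\Program Files\FileZilla FTP Client\filezilla.exe", "file_read",
     r"C:\Users\ali\AppData\Roaming\FileZilla\recentservers.xml"),
    (2210, r"C:\Program Files\Google\Chrome\Application\chrome.exe", "file_read",
     r"C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (3000, r"C:\Windows\System32\svchost.exe", "dns", "time.windows.com"),
]

if __name__ == "__main__":
    for pid, sigs in flag_infostealers(SAMPLE_EVENTS).items():
        print(pid, sigs)
```

Only the sample's pid is flagged: the FileZilla and Chrome processes are excluded by the owner check even though they read exactly the same files, and the svchost DNS query matches no rule. Raising `min_credential_sigs` trades recall for precision; the two supporting signatures never count toward the threshold, so a lone SetThreadContext call or IP lookup cannot trigger an alert by itself.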

MITRE ATT&CK Enterprise v6

Tasks