General
-
Target
Ödeme 31722.exe
-
Size
960KB
-
Sample
220930-qf3f1seedr
-
MD5
cf0fd6f23ff3da25f00bad7b446f73a1
-
SHA1
7625497a99c6792d15149933320419bc13224c55
-
SHA256
1f176fdfac20ab4ddb6978f2d9bb69dff8fb113d24dcf1cce2a2f2b422ffe435
-
SHA512
7761126e00a2d27bb156ade295b3f5aece295ea62f7f1d8bddb281935b353936c4d598f67d1623f080c8f1c277e86099c1f4b12137de3ba5d3fc87bf66af20e0
-
SSDEEP
12288:zkKRoRYuv4kr7CcTUlp2QtvXnN0q1i5ZEVEGxMagvPS1:5o4yfetvZU5ZEVRxM1C
Static task
static1
Behavioral task
behavioral1
Sample
Ödeme 31722.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
Ödeme 31722.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot5310184099:AAGxqu0IL8tjOF6Eq6x2u0gfcHhvuxRwfLU/sendMessage?chat_id=5350445922
Targets
-
-
Target
Ödeme 31722.exe
-
Size
960KB
-
MD5
cf0fd6f23ff3da25f00bad7b446f73a1
-
SHA1
7625497a99c6792d15149933320419bc13224c55
-
SHA256
1f176fdfac20ab4ddb6978f2d9bb69dff8fb113d24dcf1cce2a2f2b422ffe435
-
SHA512
7761126e00a2d27bb156ade295b3f5aece295ea62f7f1d8bddb281935b353936c4d598f67d1623f080c8f1c277e86099c1f4b12137de3ba5d3fc87bf66af20e0
-
SSDEEP
12288:zkKRoRYuv4kr7CcTUlp2QtvXnN0q1i5ZEVEGxMagvPS1:5o4yfetvZU5ZEVRxM1C
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-