General
Target: hesap bildirimi..exe
Size: 1.2MB
Sample: 221003-jn93hadhc9
MD5: b23dbdb6ce8b1d0e3c6f185751935dd5
SHA1: be60259efa69bbcb776a727d225c98120ea5c620
SHA256: 6ac2c5094ab610f7fb38129fb5bc1e66e38ed0144cc19bd0dd85c4bb582a1d19
SHA512: a02e49b3a4555961df246ea60efd930d073801676a829a4289f48c6a3a46e9d5180c5ca16188c6367ad22e6a48c865e2f31902d5d6017e91bb261828fe819ff0
SSDEEP: 12288:euvHk2XK0W8aV7le/XN7OAKJTO1j9fQM0WvlzieK4HTN:YqK0W8aV7U/XN7tRiWvc
Static task: static1

Behavioral task: behavioral1
Sample: hesap bildirimi..exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: hesap bildirimi..exe
Resource: win10v2004-20220812-en
Malware Config
Extracted family: snakekeylogger
Exfiltration endpoint (Telegram bot API, from the extracted config): https://api.telegram.org/bot5310184099:AAGxqu0IL8tjOF6Eq6x2u0gfcHhvuxRwfLU/sendMessage?chat_id=5350445922
Targets
Target: hesap bildirimi..exe
Score: 10/10

Signatures
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext