General
-
Target
Ödeme 31722.exe
-
Size
1.1MB
-
Sample
221003-kd5wgafbc4
-
MD5
9c28b35f5d7b025e1f4a49e52f51470d
-
SHA1
36fd42e0272bcd1d05fb62f052fa01d1b9422821
-
SHA256
22805984d67d2c9a896aca6d757a00e3adde2b538efd3b8a196fea685e9f9981
-
SHA512
b042c5b28529c3272630d3642f0ed3250fb139177f141277d4e97860bb8683d5868744fa03c7090155506a32f13fc3871535e2e9bba9db3f3edfe66d638848f5
-
SSDEEP
12288:1zdO0ydYLN2yxEU1nrA2SsggtWvXvmdPXOgVTJA5wWK4HTN:1hODd21FKfmPegcm
Static task
static1
Behavioral task
behavioral1
Sample
Ödeme 31722.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
Ödeme 31722.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot5587666659:AAG8NrrXJQs__dhk8nLJBFOspz2my8OVpX0/sendMessage?chat_id=5569775004
Targets
-
-
Target
Ödeme 31722.exe
-
Size
1.1MB
-
MD5
9c28b35f5d7b025e1f4a49e52f51470d
-
SHA1
36fd42e0272bcd1d05fb62f052fa01d1b9422821
-
SHA256
22805984d67d2c9a896aca6d757a00e3adde2b538efd3b8a196fea685e9f9981
-
SHA512
b042c5b28529c3272630d3642f0ed3250fb139177f141277d4e97860bb8683d5868744fa03c7090155506a32f13fc3871535e2e9bba9db3f3edfe66d638848f5
-
SSDEEP
12288:1zdO0ydYLN2yxEU1nrA2SsggtWvXvmdPXOgVTJA5wWK4HTN:1hODd21FKfmPegcm
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-