General
- Target: 80a8ad00d2b5fdeed575563e125913c7f5805d4fde1c4aa19a5e11336c3611d1
- Size: 506KB
- Sample: 221128-pen2kage6z
- MD5: b39270f50e63f82001c5988b8f71d5d1
- SHA1: ee344dd5ca838edaff2f9b7cfe1d685ea401b297
- SHA256: 80a8ad00d2b5fdeed575563e125913c7f5805d4fde1c4aa19a5e11336c3611d1
- SHA512: 3c6a37a5158b5a8f4bc7eca0fb161e25892b925c8fb13d14cbdab092aa1a09a0255cb9c3fd0fd9aacbe2380f3ddad2d743c860f8d11fbda35d3e4547376799f9
- SSDEEP: 12288:gmnTSmhsbtnx7S3YQlb1TuEH0rSXRORlfu3hnq90l:gmnTSgs5dSrlNuk0rqRllq90l
Static task: static1
Behavioral task: behavioral1
- Sample: Halkbank,doc.exe
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: Halkbank,doc.exe
- Resource: win10v2004-20221111-en
Malware Config
Extracted
snakekeylogger
- Protocol: smtp
- Host: mail.irw.com.br
- Port: 25
- Username: sales11@irw.com.br
- Password: Everest10@
- Email To: nonyekeylogger@gmail.com
Targets
- Target: Halkbank,doc.exe
- Size: 572KB
- MD5: 83e790cb92a1c055ea9a72c6ebd1db4b
- SHA1: ddc4cc3521fae0da391fe1936ec4692ab3c25adb
- SHA256: 9b657f589d4329bcc5c845a20fe2a145d8c0dac5cf2987c1ec57eb42d0a5f826
- SHA512: 86f8a3cffedc9a55d1ae8ae5f2482c3d951a790fd45a5229244bd9020b29e2ed5de99bf77f0f8cda9c10cbc74e2dc9f0ba4b9f527ba0f811eda5265bee007180
- SSDEEP: 12288:xAaSSd3s8Vp+TH1sZ7HeWFB6nKHBjMvklyzSigeyiHMJVLtps7s:mJS3VMK1HFeKVtlyzz3nWVOs
Score: 10/10
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
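The report gives two kinds of indicators a responder can act on: the file hashes of the submitted sample and the dropped Halkbank,doc.exe, and the SMTP exfiltration channel the sandbox extracted from the snakekeylogger config (host, port, account, recipient). The script below is an added example, not part of the sandbox report or of any tool it mentions: it copies those indicators verbatim, sanity-checks the hash strings, matches a file's contents against them, and scans log lines for traffic to the extracted exfil host, account or recipient. The payload bytes, the log format (`dst=… dport=…` fields) and the log lines themselves are constructed for the demonstration and are assumptions, not data from the report.

```python
"""IOC checks derived from the sandbox report above.

Added example, not part of the report: the hashes, SMTP host/port/account and
recipient are copied from the report; the sample bytes and log lines are
constructed here so the script runs offline.
"""
import hashlib
import re

# Hash sets from the report: the submitted file and the dropped Halkbank,doc.exe.
REPORT_HASHES = {
    "submitted sample": {
        "md5": "b39270f50e63f82001c5988b8f71d5d1",
        "sha1": "ee344dd5ca838edaff2f9b7cfe1d685ea401b297",
        "sha256": "80a8ad00d2b5fdeed575563e125913c7f5805d4fde1c4aa19a5e11336c3611d1",
        "sha512": "3c6a37a5158b5a8f4bc7eca0fb161e25892b925c8fb13d14cbdab092aa1a09a0"
                  "255cb9c3fd0fd9aacbe2380f3ddad2d743c860f8d11fbda35d3e4547376799f9",
    },
    "Halkbank,doc.exe": {
        "md5": "83e790cb92a1c055ea9a72c6ebd1db4b",
        "sha1": "ddc4cc3521fae0da391fe1936ec4692ab3c25adb",
        "sha256": "9b657f589d4329bcc5c845a20fe2a145d8c0dac5cf2987c1ec57eb42d0a5f826",
        "sha512": "86f8a3cffedc9a55d1ae8ae5f2482c3d951a790fd45a5229244bd9020b29e2ed"
                  "5de99bf77f0f8cda9c10cbc74e2dc9f0ba4b9f527ba0f811eda5265bee007180",
    },
}

# Exfiltration channel extracted by the sandbox (snakekeylogger, SMTP).
EXFIL = {
    "host": "mail.irw.com.br",
    "port": 25,
    "username": "sales11@irw.com.br",
    "recipient": "nonyekeylogger@gmail.com",
}

EXPECTED_HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def validate_report_hashes() -> list:
    """Sanity-check the copied IOCs: each digest must be lowercase hex of the
    right length, so a truncated or mistyped hash cannot silently never match."""
    problems = []
    for name, digests in REPORT_HASHES.items():
        for alg, value in digests.items():
            bad_len = len(value) != EXPECTED_HEX_LEN[alg]
            bad_chars = any(c not in "0123456789abcdef" for c in value)
            if bad_len or bad_chars:
                problems.append(f"{name}: malformed {alg}")
    return problems


def hash_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists, for a file's contents."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in EXPECTED_HEX_LEN}


def match_report_sample(data: bytes):
    """Return the report entry whose digests all equal those of `data`, else None."""
    digests = hash_bytes(data)
    for name, expected in REPORT_HASHES.items():
        if all(digests[alg] == expected[alg] for alg in expected):
            return name
    return None


# Network-side check over an assumed key=value log format: flag lines that reach
# the extracted SMTP host on its port, log in as the account, or address the recipient.
DST_RE = re.compile(r"dst=(?P<dst>[\w.-]+)\s+dport=(?P<port>\d+)")


def classify_line(line: str) -> list:
    low = line.lower()
    hits = []
    m = DST_RE.search(low)
    if m and m.group("dst") == EXFIL["host"] and int(m.group("port")) == EXFIL["port"]:
        hits.append("connection to extracted SMTP exfil host")
    if EXFIL["username"] in low:
        hits.append("login as extracted exfil account")
    if EXFIL["recipient"] in low:
        hits.append("mail addressed to extracted exfil recipient")
    return hits


def scan_log(text: str) -> list:
    """Return (line_number, reason) pairs for every line matching an indicator."""
    return [(n, reason)
            for n, line in enumerate(text.splitlines(), 1)
            for reason in classify_line(line)]


# Constructed inputs: a stand-in payload and four made-up log lines (one benign).
SAMPLE_BYTES = b"MZ\x90\x00constructed stand-in, not the real sample"
SAMPLE_LOG = """\
2022-11-28T12:01:03Z host=WS-17 proto=tcp dst=mail.irw.com.br dport=25 action=allow
2022-11-28T12:01:04Z host=WS-17 smtp AUTH LOGIN user=sales11@irw.com.br
2022-11-28T12:01:05Z host=WS-17 smtp RCPT TO:<nonyekeylogger@gmail.com>
2022-11-28T12:02:10Z host=WS-03 proto=tcp dst=smtp.example.com dport=587 action=allow
"""

if __name__ == "__main__":
    print("IOC problems:", validate_report_hashes())
    print("sample matches:", match_report_sample(SAMPLE_BYTES))
    for n, reason in scan_log(SAMPLE_LOG):
        print(f"line {n}: {reason}")
```

The SMTP credentials appear in the script only as detection indicators for the exfiltration channel the sandbox extracted; the script never connects to the host. `match_report_sample` requires all four digests to agree, so a single copied-wrong hash shows up as a validation problem rather than a false negative.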