General
Target: 4f2c6a52e85eed103eccb048c9bb33cd.bin
Size: 183KB
Sample: 230602-bxfk9ahf7y
MD5: eb2fe171a370568bfe0c1220c8607c33
SHA1: 8c816457b40c0eb39bf4f3af7cd716046e941038
SHA256: 82ff25d0ed5f617be4b51339f26936c5812fddbff77a39af7b0df77e5097e95f
SHA512: 47f4a07b511d314a8eef58a47dd285b9053056626d9c90ad755ec9ada10c6cd71e03b7e66af9d2fedc46d02b155e9936ca6b8d41eb11d85131dd7af86301f3a7
SSDEEP: 3072:V5HHg9nUgE4fc1jl9sJKcu7EgTv7TQ0I0Mza/FPdXMtrkI6tajFkbLbn31aJ/:V5gVUh1jcK7YOv7TQ30+onXMiI6tKkbY
Static task: static1
Behavioral task: behavioral1
Sample: 732354f17c07ca3b384ec5c2cdceed76395fbbdf3cd9e615d2383a444e35d695.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 732354f17c07ca3b384ec5c2cdceed76395fbbdf3cd9e615d2383a444e35d695.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: posta.ni.net.tr
Port: 587
Username: selen.ozyer@apareia.com.tr
Password: nilya1957
Email To: saleseuropower2@yandex.com
Telegram: https://api.telegram.org/bot5514204561:AAErcjaIvflhP_Fb36V8b-2QdbJLnbLXah8/sendMessage?chat_id=1813585870
Targets
Target: 732354f17c07ca3b384ec5c2cdceed76395fbbdf3cd9e615d2383a444e35d695.exe
Size: 222KB
MD5: 4f2c6a52e85eed103eccb048c9bb33cd
SHA1: 83a26cb54d7259506f68182951da8a4426cb1e4f
SHA256: 732354f17c07ca3b384ec5c2cdceed76395fbbdf3cd9e615d2383a444e35d695
SHA512: 61bf47d3bc10b9f98705a18d13cf8d363905cd89d43ab18e3a56aa1e76b1549fa33b08e97b7f767afd3a5199b3679c0a6048351cf0660aab64b07c1143089b07
SSDEEP: 6144:W5hrsBs2tROJ8VUgol+Ow3iUUUsSdLTVy:W5hrs3tRjWFlSdsSLJ
Score: 10/10
- Snake Keylogger payload
- Drops startup file
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext