General
Target: hesaphareketi-01.exe
Size: 663KB
Sample: 230718-p2cbaaac85
MD5: 1aa0c36d4fb2ac79a6cb902da1cdf21c
SHA1: e539ad8f06b90105cafd5ce497be6049dd19edde
SHA256: 5958de331a0caeb250569736c1e1d2634f0ed18526488f4ea55e7731b879c077
SHA512: cd8018e07e8347806140efa2d1859ffa330a629e942eddddb321d30a22646b936c7e64006426481a6083099ce2507f20533bb4abef05315e0ac11cde8ce01370
SSDEEP: 12288:eDv0SxNm1rC5X3NCPYC1zdIIXGo2FwM04sGNn/lBij2l0/eGRYpyuD8Iy/Je/XCr:CMKcZAXdCPYyIbo2t04sGNn/lBij2l0z
Static task: static1
Behavioral task: behavioral1
  Sample: hesaphareketi-01.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: hesaphareketi-01.exe
  Resource: win10v2004-20230703-en
Malware Config
Extracted family: snakekeylogger
Extracted URL: https://api.telegram.org/bot6331506862:AAEKFOHP1JKUDc0rSEqmiyzoaDWsXo8zqs4/sendMessage?chat_id=932962718
Targets
Target: hesaphareketi-01.exe
Size: 663KB
MD5: 1aa0c36d4fb2ac79a6cb902da1cdf21c
SHA1: e539ad8f06b90105cafd5ce497be6049dd19edde
SHA256: 5958de331a0caeb250569736c1e1d2634f0ed18526488f4ea55e7731b879c077
SHA512: cd8018e07e8347806140efa2d1859ffa330a629e942eddddb321d30a22646b936c7e64006426481a6083099ce2507f20533bb4abef05315e0ac11cde8ce01370
SSDEEP: 12288:eDv0SxNm1rC5X3NCPYC1zdIIXGo2FwM04sGNn/lBij2l0/eGRYpyuD8Iy/Je/XCr:CMKcZAXdCPYyIbo2t04sGNn/lBij2l0z
Score: 10/10
Signatures:
- Snake Keylogger payload
- Drops startup file
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext