General
-
Target
4FBA75A354F32D24A339DC617BE69987DAB943DBB8073A763D9D264A91508F99
-
Size
895KB
-
Sample
230718-zjtgysee9t
-
MD5
3dae42d2dd8c28fca59531c7248c9e38
-
SHA1
a39c9246054e721e22fcfe6b16fa5f2b0208ab6a
-
SHA256
4fba75a354f32d24a339dc617be69987dab943dbb8073a763d9d264a91508f99
-
SHA512
94a4597f6669f51a1f4b7aab8faa162dd9019d45d8272a43318a331ac90b31bf45c460b335a30df520b0ba3b572978683175218a94b52f30b2adc28985a748cd
-
SSDEEP
24576:UhGTIdIMXtbcupg+qqs6GdSyGeNHnpXWTW6A:Uhi8FpFGdSfwnxWTW6A
Static task
static1
Behavioral task
behavioral1
Sample
evraklar.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
evraklar.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot5932548741:AAFytn5z9IUn93hcbUn3eb19fE08x1AWGz0/sendMessage?chat_id=5034680713
Targets
-
-
Target
evraklar.exe
-
Size
1.0MB
-
MD5
9e70755fa332d8cf4fdaf16845d53af0
-
SHA1
2ac4d97546e0b65bd4a7155dd554209ba29e00ac
-
SHA256
8ab395051b25a0711bdf0041c343d9a3de2a32b542ff3ee9aa1162c0e14ed28a
-
SHA512
2dcb662d3e618c07ff2f273c9cf2b1a6cac91c68a0147aa2a305400f84b5abd76cddf4d8da14315c8f9683a87de21c3c6d64d35763a6dcea0f2ab19cf4ce2bfd
-
SSDEEP
24576:NTbBv5rUan7Oq9evjU7syeVKN/5ivrWvg:HBj7Oq9eIgy0KN/5ivrig
-
Snake Keylogger payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-