General
-
Target
mkpub_Hesap hareketleriniz pdf.gz
-
Size
139KB
-
Sample
231003-vbraeadg6x
-
MD5
e5669ee3a1bc850edc78f821bcd237eb
-
SHA1
17080715c880c8ff2f299bbab53ba3c43db88afd
-
SHA256
2a0e4da0e8eaed6087098d2a69e25e95c3d8011d3169188ad1b2396728c42f11
-
SHA512
40ca72d5cd1a07702f7f62227ff200e7b361f30e8c8e3b0d65845835349018c990c351b1c5d633d40cbd9863a1acab8a9d31822dfae6565f4e97d12b692eebaf
-
SSDEEP
3072:gYXXwgonCPOlW4kbiv/K/t5I+sJ/Fio11H/twRkb+CY:dXXsCYFk2aV5bsCo1dqRkb8
Static task
static1
Behavioral task
behavioral1
Sample
Vhycf.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
Vhycf.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot6495173086:AAHM8NMu-uOSJHZaHij-umtWDUwi5-hOLog/sendMessage?chat_id=5262627523
Targets
-
-
Target
Vhycf.exe
-
Size
336KB
-
MD5
452230cd897fa11773a80b7660d1eb75
-
SHA1
1e3e5ea548df2aef3db95d4243e6add49dab9688
-
SHA256
b9d4088106a3a557fb5d909c8c5b921971704d7b764306ee4190cefd9b8d89b0
-
SHA512
51b75adcffc2dc52813dfd7a0aa16df7b348084bfc4d5999346aba724b33f8891ec282002301bf42f7955f5e1169c7e9ca84af54f50823cb8e1079b1ea7233f9
-
SSDEEP
6144:7Rgc2lOrSZPpLu51ZK7VsA+JgqNb8PiFU9+j9f0GVoROChql1vHLNyk5ufH/c/dj:PS7VsARqJ86FU9+j9f0GVoROChq3vXqa
-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-