General
-
Target
hesaphareketi-01.exe
-
Size
600KB
-
Sample
231011-x68jaaae66
-
MD5
27b59a4d949be32f6febfc77d85e9644
-
SHA1
3c70d748282dab54e73298358d7e4b5d88b0c8dd
-
SHA256
e30c39079334240fccf27b7ab9bf2fb40ccba609f97bb3ae4afe0ae402db6891
-
SHA512
656076e00f2f19be3194c08167877a63bb1b1fceff5f5d129b296598e645a6c21b459a7a03e82d0af8fc1615d3b5c5b6bfe1e6d1de4685f96fed2a9b07d374e3
-
SSDEEP
6144:Vcf2aUi8VMMxv62c+SNKZ0Rht2oVVlFpAiP362gR4jecTsqsXHRddHPdtoJnnz35:B2X9KepRQibc+shPPoJnDt4QM4e+
Static task
static1
Behavioral task
behavioral1
Sample
hesaphareketi-01.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
hesaphareketi-01.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.gkas.com.tr - Port:
587 - Username:
[email protected] - Password:
Gkasteknik@2022
Targets
-
-
Target
hesaphareketi-01.exe
-
Size
600KB
-
MD5
27b59a4d949be32f6febfc77d85e9644
-
SHA1
3c70d748282dab54e73298358d7e4b5d88b0c8dd
-
SHA256
e30c39079334240fccf27b7ab9bf2fb40ccba609f97bb3ae4afe0ae402db6891
-
SHA512
656076e00f2f19be3194c08167877a63bb1b1fceff5f5d129b296598e645a6c21b459a7a03e82d0af8fc1615d3b5c5b6bfe1e6d1de4685f96fed2a9b07d374e3
-
SSDEEP
6144:Vcf2aUi8VMMxv62c+SNKZ0Rht2oVVlFpAiP362gR4jecTsqsXHRddHPdtoJnnz35:B2X9KepRQibc+shPPoJnDt4QM4e+
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-