General
Target: SecuriteInfo.com.Win64.RATX-gen.3532.21910.exe
Size: 358KB
Sample: 231012-gzkwmsbg3s
MD5: c20a57ff488a3dea6e3b9e592612849a
SHA1: f40e651c3f99997672163881113ae4a84b68b6ee
SHA256: 67e0a55c59473a7ff545ea569457a30892a0dfc7b6b898a1f46fa4b1065b92bb
SHA512: 1faa192f03da5d6a36c369a8b6dcbcdde65e9f9265c65b418a2ed3bb5878f2900440a24a88c31611ac7eb19f72b3424e67043b78d3cf651a0005e1a4cb412348
SSDEEP: 6144:KiVg5C/D8frFV5b9mCIcbDqAxuuiqoh/uCwSZK7P7V0gp/lN0:KiVHb8xX9bIf+TBo5uRrCc/I
Static task: static1
Behavioral task: behavioral1
  Sample: SecuriteInfo.com.Win64.RATX-gen.3532.21910.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: SecuriteInfo.com.Win64.RATX-gen.3532.21910.exe
  Resource: win10v2004-20230915-en
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.gkas.com.tr
Port: 587
Username: [email protected]
Password: Gkasteknik@2022
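The extracted SMTP configuration is the most directly actionable part of this report: the implant authenticates to the attacker-controlled mailbox on mail.gkas.com.tr:587 and mails out what it has logged, so the server name and mailbox are high-confidence network indicators. The Python below is an added example, not part of the sandbox report or of any vendor tool. It parses the config fields as they appear on the page, whether one field per line or flattened into a single "Key: value - Key: value" run broken across lines, and uses the host and mailbox to flag SMTP sessions in a set of constructed session records. The session records, the corporate addresses in them and all function names are assumptions; the mailbox address is kept as the "[email protected]" placeholder that extraction left on the page.

```python
"""Derive SMTP exfiltration detection from the Snake Keylogger config above.

Added example, not part of the original sandbox report or of any vendor
tooling. The parser accepts the config either as one 'Key: value' per line
or as the flattened 'Key: value - Key: value' run that extraction produced.
The SMTP session records further down are constructed for illustration and
are not the sample's real traffic; the mailbox address is kept as the
obfuscated placeholder that appears on the page.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

FAMILY = "snakekeylogger"

# The config block as it was extracted (line breaks fall inside the pairs).
RAW_CONFIG = """\
Protocol: smtp- Host:
mail.gkas.com.tr - Port:
587 - Username:
[email protected] - Password:
Gkasteknik@2022
"""

# The same config, one field per line.
CLEAN_CONFIG = """\
Protocol: smtp
Host: mail.gkas.com.tr
Port: 587
Username: [email protected]
Password: Gkasteknik@2022
"""

# A 'Key:' token, its value, and an optional ' - ' separator before the next key.
_PAIR = re.compile(r"([A-Z][A-Za-z]*):\s*(.*?)\s*(?:-\s*)?(?=[A-Z][A-Za-z]*:|$)")


@dataclass(frozen=True)
class SmtpExfilConfig:
    family: str
    protocol: str
    host: str
    port: int
    username: str
    password: str


def parse_config(text: str, family: str = FAMILY) -> SmtpExfilConfig:
    """Parse the 'Key: value' fields regardless of how they were line-wrapped.

    Lines are joined with spaces and each value runs until the next
    capitalised 'Key:' token. (A password containing 'Word:' would confuse
    this; none of the fields here do.)
    """
    body = " ".join(line.strip() for line in text.splitlines() if line.strip())
    fields = {key.lower(): value for key, value in _PAIR.findall(body)}
    return SmtpExfilConfig(
        family=family,
        protocol=fields["protocol"].lower(),
        host=fields["host"].lower(),
        port=int(fields["port"]),
        username=fields["username"].lower(),
        password=fields["password"],
    )


# Constructed session records (assumption, not real traffic):
# (timestamp, client IP, mail server name, server port, authenticated user).
SAMPLE_SMTP_SESSIONS = [
    ("2023-10-12T09:00:01", "10.0.0.15", "smtp.office365.com", 587, "alice@corp.example"),
    ("2023-10-12T09:00:07", "10.0.0.15", "mail.gkas.com.tr", 587, "[email protected]"),
    ("2023-10-12T09:03:44", "10.0.0.22", "mail.gkas.com.tr", 25, ""),
    ("2023-10-12T09:05:10", "10.0.0.31", "smtp.gmail.com", 465, "bob@corp.example"),
]


def scan_sessions(sessions, cfg: SmtpExfilConfig) -> list[dict]:
    """Flag sessions to the exfiltration mail server or mailbox from the config.

    Match on the server name or the authenticated user, never on the port
    alone: 587 is the ordinary submission port for every legitimate mail
    client, so a port-only rule would alert on normal traffic.
    """
    alerts = []
    for ts, src, server, port, user in sessions:
        host_hit = server.lower() == cfg.host
        user_hit = bool(user) and user.lower() == cfg.username
        if host_hit or user_hit:
            alerts.append({
                "ts": ts,
                "src": src,
                "dst": f"{server}:{port}",
                "reason": "exfil mail server" if host_hit else "exfil mailbox",
                "port_matches_config": port == cfg.port,
            })
    return alerts


if __name__ == "__main__":
    cfg = parse_config(RAW_CONFIG)
    assert cfg == parse_config(CLEAN_CONFIG)
    for alert in scan_sessions(SAMPLE_SMTP_SESSIONS, cfg):
        print(alert)
```

Both the flattened and the clean form of the config parse to the same object, so the same parser can be pointed at further exports without hand-cleaning them first. The third constructed session, to the exfil server on port 25 rather than 587, still fires: once the server is known to be attacker-controlled, any connection to it from the fleet is worth an alert, and the port mismatch is merely recorded for the analyst.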
Targets
Target: SecuriteInfo.com.Win64.RATX-gen.3532.21910.exe
Size: 358KB
Score: 10/10
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext: typically a sign of code injection such as process hollowing, where a suspended thread's context is rewritten so execution resumes inside the injected payload.