General
-
Target
Halkbank_Ekstre_20231012_094094_956367.exe
-
Size
853KB
-
Sample
231018-teha8sfh2x
-
MD5
c1100b4f1a59545b8fa170d3404c6fda
-
SHA1
3a41caab745f9bead4253b0b44943a6a4979e01f
-
SHA256
6af326333d060286daaf29227b41f2afb25c43f072571a096c504c84e61749d3
-
SHA512
53873bb896faed0797ba995b73bbbfa813c3efb754c5da27aa8a9834de2bdf01a7cafd14330a18f21f4484b89ab423ce5720a776533e3026d557b120629ff788
-
SSDEEP
12288:SNgo/6WgAjGw/7f+3G/PVfv0YuIZrwWU:poyCr7f9PVHxRy
Static task
static1
Behavioral task
behavioral1
Sample
Halkbank_Ekstre_20231012_094094_956367.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
Halkbank_Ekstre_20231012_094094_956367.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.worlorderbillions.top - Port:
587 - Username:
[email protected] - Password:
7f*ybyLDVD[J
Targets
-
-
Target
Halkbank_Ekstre_20231012_094094_956367.exe
-
Size
853KB
-
MD5
c1100b4f1a59545b8fa170d3404c6fda
-
SHA1
3a41caab745f9bead4253b0b44943a6a4979e01f
-
SHA256
6af326333d060286daaf29227b41f2afb25c43f072571a096c504c84e61749d3
-
SHA512
53873bb896faed0797ba995b73bbbfa813c3efb754c5da27aa8a9834de2bdf01a7cafd14330a18f21f4484b89ab423ce5720a776533e3026d557b120629ff788
-
SSDEEP
12288:SNgo/6WgAjGw/7f+3G/PVfv0YuIZrwWU:poyCr7f9PVHxRy
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-