General
Target: NEAS.31899311def16c86b9d15294fd9a2b765b4a574b79a28d70b0f3dd73b25d62f5exe_JC.exe
Size: 902KB
Sample: 231019-wajdvabb73
MD5: 69110e7c026f12d745c9eb14457cf51e
SHA1: 7dd89471735d1bfa3dd903e7ad92c29106dc4cce
SHA256: 31899311def16c86b9d15294fd9a2b765b4a574b79a28d70b0f3dd73b25d62f5
SHA512: 2f029deece251f0c29b6145df2b53a642a0c17359a829aadee2365fdb7f6a51c1909b891c4026ea92b84d93ea8739f20fea2eea7f8a1c5965ae0e504c8bb9f79
SSDEEP: 12288:+b2V7zXvhzk2tGXG3yFyHNhr8LZNeqaFr+sfCEpqQxGgqROd:v7zXBvQKu2ZeZNZ0r+agROd
Static task: static1
Behavioral task: behavioral1
Sample: NEAS.31899311def16c86b9d15294fd9a2b765b4a574b79a28d70b0f3dd73b25d62f5exe_JC.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: NEAS.31899311def16c86b9d15294fd9a2b765b4a574b79a28d70b0f3dd73b25d62f5exe_JC.exe
Resource: win10v2004-20230915-en
Malware Config
Extracted
Family: snakekeylogger
Protocol: smtp
Host: mail.gkas.com.tr
Port: 587
Username: [email protected]
Password: Gkasteknik@2022
Targets
Target: NEAS.31899311def16c86b9d15294fd9a2b765b4a574b79a28d70b0f3dd73b25d62f5exe_JC.exe
Score: 10/10

Snake Keylogger payload

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Accesses Microsoft Outlook profiles

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext