General
-
Target
Halkbank_Ekstre_20231019_574589_324568.pdf.exe
-
Size
949KB
-
Sample
231020-npfmhaac7t
-
MD5
9869b521f18fc52aa2ee00593f41065c
-
SHA1
aaad09ec83aa11081f2f81df2eecf0303a049a93
-
SHA256
9a2f9a2670f1a81d9e637218669c6db6a29ea962ce2cb2a81468c45aa5b40b40
-
SHA512
0140fa3cbbc1ad4e12d88fa9dc58dc4cb4b9d7d7b29be63372a937ddd2d36fc7f5342742c0ea6bede85d04fef1b56fc14b7da1b94878aa8b224698a75e65216a
-
SSDEEP
12288:IyQaMFM0Mvxv9ZtOZvkrM7aMhOt3a7kbVRpzRcv9sXfNKtHkvJlq:Iyjv9EZOSTOdVRptclmfNKhkvG
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot6564714997:AAEB5Qyq9hSihv7iw6Fa5RV1VfNvFH6t4oU/sendMessage?chat_id=5328986207
Targets
-
-
Target
Halkbank_Ekstre_20231019_574589_324568.pdf.exe
-
Size
949KB
-
MD5
9869b521f18fc52aa2ee00593f41065c
-
SHA1
aaad09ec83aa11081f2f81df2eecf0303a049a93
-
SHA256
9a2f9a2670f1a81d9e637218669c6db6a29ea962ce2cb2a81468c45aa5b40b40
-
SHA512
0140fa3cbbc1ad4e12d88fa9dc58dc4cb4b9d7d7b29be63372a937ddd2d36fc7f5342742c0ea6bede85d04fef1b56fc14b7da1b94878aa8b224698a75e65216a
-
SSDEEP
12288:IyQaMFM0Mvxv9ZtOZvkrM7aMhOt3a7kbVRpzRcv9sXfNKtHkvJlq:Iyjv9EZOSTOdVRptclmfNKhkvG
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-