General
Target: hesaphareketi-01.exe
Size: 514KB
Sample: 231031-hn8zrsbb94
MD5: df9d5f4dd7b35e1288a6a0e07a98062f
SHA1: 5b020e8de129627a692a4ef05037a5f9ce5b325f
SHA256: a84acc5fbe08df8a0f7439ee0b595b43c7ddaaac6c4b9927932807fb69294b14
SHA512: a075f1769d7ac5002f6ce44b40f3145ebb678030482dbe41d20a524fc8820e8ee68ecf471a1414e169aa5b30a750df9bed9f9e5db45150939c5bf0ac6e9026de
SSDEEP: 12288:w8K69yqL+/jcidCDkudyLR5Cbm16RR6iXNVxhPlEAZfnWab:A6Xi/vUQudE3CCkwiXhLHZ/bb
Static task: static1
Behavioral task: behavioral1
  Sample: hesaphareketi-01.exe
  Resource: win7-20231020-en
Behavioral task: behavioral2
  Sample: hesaphareketi-01.exe
  Resource: win10v2004-20231023-en
Malware Config
Extracted family: snakekeylogger
  Protocol: smtp
  Host: mail.gkas.com.tr
  Port: 587
  Username: [email protected]
  Password: Gkasteknik@2022
Targets
Target: hesaphareketi-01.exe
Score: 10/10
Signatures:
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext