General
- Target: hareketleriniz.pdf.exe
- Size: 25KB
- Sample: 231101-g1fy3sdf24
- MD5: c9303344ad8835a85fc0b2a09e01f573
- SHA1: 18adb6199034985533754d12cf2980ec2d5b71f4
- SHA256: 7284a7a47a6c2aa97dddd4b8eb7a04e285e2d36aab49d1564421be0c7a6d8f8a
- SHA512: 9607a276f72dcdb6103efdbc6a894eaf8413722830d9656070461085f4312b3f001c0862595596a3baa42827ff3458d4453bbea4ce111e6c0c733733146339c2
- SSDEEP: 384:79ZyyYEaGmLV8SwFtiOUo9U2QuW2APL6yRqtxAx+roEOsVK/KO+sB6fy:poy11YwXuZHuNs3RqtGx+roAYP+96
- Static task: static1
- Behavioral task: behavioral1 (Sample: hareketleriniz.pdf.exe, Resource: win7-20231020-en)
- Behavioral task: behavioral2 (Sample: hareketleriniz.pdf.exe, Resource: win10v2004-20231020-en)
Malware Config
- Extracted: snakekeylogger
- https://api.telegram.org/bot6491126749:AAEgYHjfebL8yDkuzneMucym5CaT8YIRGJE/sendMessage?chat_id=5262627523
Targets
- Target: hareketleriniz.pdf.exe
- Size: 25KB
- MD5: c9303344ad8835a85fc0b2a09e01f573
- SHA1: 18adb6199034985533754d12cf2980ec2d5b71f4
- SHA256: 7284a7a47a6c2aa97dddd4b8eb7a04e285e2d36aab49d1564421be0c7a6d8f8a
- SHA512: 9607a276f72dcdb6103efdbc6a894eaf8413722830d9656070461085f4312b3f001c0862595596a3baa42827ff3458d4453bbea4ce111e6c0c733733146339c2
- SSDEEP: 384:79ZyyYEaGmLV8SwFtiOUo9U2QuW2APL6yRqtxAx+roEOsVK/KO+sB6fy:poy11YwXuZHuNs3RqtGx+roAYP+96
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext