General
Target: VakifBankKrediKartiHesapOzeti.exe
Size: 21KB
Sample: 231103-trxxfsee9x
MD5: 7c680b856965144ada69a5afcb031813
SHA1: 01967f1e2da8cdf027d42f4fa6f8d2214c7e0a49
SHA256: fddb5c07d9ae4295bec096fe40d29b14c27be92760e586ec99ca43a43fe16244
SHA512: 8f742c86ad50e7e59149957b6dc57a16c0714bc45d26a8e741cf0d4fb30afac710365bf88546654b81f055927f6a34802a5ce79b44da47fc1c01f1123f8a8fa1
SSDEEP: 384:Is8eRdyRZZFFYPd8yx3IQGrhowkp48fNZ1RzWkET7AsbRO3gCR/1:j8id3T265p48fN/EbUQCRd
Static task
static1
Behavioral task
behavioral1
Sample
VakifBankKrediKartiHesapOzeti.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
VakifBankKrediKartiHesapOzeti.exe
Resource
win10v2004-20231020-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot6350529534:AAEbFW9VBWTKQfN1Y3K_5RJARCtOn1UqK8o/sendMessage?chat_id=1467583453
Targets
-
-
Target
VakifBankKrediKartiHesapOzeti.exe
-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-