General
-
Target
hesap hareketi-01.pdf.exe
-
Size
44KB
-
Sample
231108-js9brshd52
-
MD5
418aa28c488809dc336199188ac90b5e
-
SHA1
a9f9f5d5f098c08a66eb2a2e1be2cd5ff2d654e1
-
SHA256
211bbf7b08bd07a5c74d049e67d35a428497a8a30b180d8172cd9a74f8278887
-
SHA512
854b03fe94104e132495c807dc6409e88792fa39494cbd5b053b8d59dfd00b252dbc5acf67c90e60e9d81b90bfaf6911691e206f2720b00deedd6d86cdfb3925
-
SSDEEP
768:2m9yBYirFST0hpfB5RKFJtLtWDUrs4nMWp/YI4XuMI/t6nOa6Ty/:5jkfqltWssL9o1t6Oa//
Static task
static1
Behavioral task
behavioral1
Sample
hesap hareketi-01.pdf.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
hesap hareketi-01.pdf.exe
Resource
win10v2004-20231020-en
Malware Config
Extracted
Protocol: smtp- Host:
mail.status-automation.com - Port:
587 - Username:
[email protected] - Password:
bkkhoostatus2018
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.status-automation.com - Port:
587 - Username:
[email protected] - Password:
bkkhoostatus2018 - Email To:
[email protected]
Targets
-
-
Target
hesap hareketi-01.pdf.exe
-
Size
44KB
-
MD5
418aa28c488809dc336199188ac90b5e
-
SHA1
a9f9f5d5f098c08a66eb2a2e1be2cd5ff2d654e1
-
SHA256
211bbf7b08bd07a5c74d049e67d35a428497a8a30b180d8172cd9a74f8278887
-
SHA512
854b03fe94104e132495c807dc6409e88792fa39494cbd5b053b8d59dfd00b252dbc5acf67c90e60e9d81b90bfaf6911691e206f2720b00deedd6d86cdfb3925
-
SSDEEP
768:2m9yBYirFST0hpfB5RKFJtLtWDUrs4nMWp/YI4XuMI/t6nOa6Ty/:5jkfqltWssL9o1t6Oa//
-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-