General
-
Target
b28fed6e73d8203eeebe48b75835f1a6.exe
-
Size
522KB
-
Sample
231112-jktaksdb5x
-
MD5
b28fed6e73d8203eeebe48b75835f1a6
-
SHA1
45b15d54281ebd0a946fa905dd85c563a221ec90
-
SHA256
9797593a4d2f9d01dbb48e57bf0aa5bb970b6ad988f5f8df872ea6f29ece00df
-
SHA512
7e970c4e45d430b17f904c0721fb1cc64b9961b0776adc211ddc0e5ca9ae48594ffbd9004a7d5db23e39940e627c8d34cfb85332c2b4e206df901fe0a97f5cef
-
SSDEEP
12288:11DKzKH/PPM+WC/cj4KmuMT5FqQTkRmGCnmLS0beG3:vDKQ1q9mLu6mT7
Static task
static1
Behavioral task
behavioral1
Sample
b28fed6e73d8203eeebe48b75835f1a6.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
b28fed6e73d8203eeebe48b75835f1a6.exe
Resource
win10v2004-20231025-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.gkas.com.tr
Port: 587
Username: [email protected]
Password: Gkasteknik@2022
Targets
-
Target
b28fed6e73d8203eeebe48b75835f1a6.exe
-
Score
10/10
-
Snake Keylogger payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-