General
- Target: hareketleriniz .pdf.gz
- Size: 73KB
- Sample: 231112-tav2jagf31
- MD5: 9c20dfac1e8190c1a73f507b7fc1b0bc
- SHA1: 431d76808d911da257bbb6be05bedf544cbe9d89
- SHA256: dd2d8ca6602bafc8c7717f66402fa24743a7b9144d349598c7aa412ce33365d3
- SHA512: 2a5c5bda5e02ab3a453487555a79c529e82b6af0fb9251d8e309d142742b05905458dd4e6985d2d421b44c8d7e910d1c983fff8fa1464e70a9417b7216e860c0
- SSDEEP: 1536:ga/xYWbHs0yEA5pox7r10NCwo4LHQx4K1/v3t3/f:gwxOjEAzox7e7hJK1Hx/f
Static task: static1
Behavioral task: behavioral1
- Sample: Qfegtu.exe
- Resource: win7-20231020-en
Behavioral task: behavioral2
- Sample: Qfegtu.exe
- Resource: win10v2004-20231023-en
Malware Config
- Extracted: snakekeylogger
- https://api.telegram.org/bot6760797270:AAECTf5-db7M39Lx0qzBnaqnlAtUljrK5Pg/sendMessage?chat_id=5262627523
Targets
- Target: Qfegtu.exe
- Size: 194KB
- MD5: a8926cfefd4e4f3ddc9d8720983a4672
- SHA1: f964791303ce5fd8a51c8ca3eb9fdb9cbd259e74
- SHA256: 83faafb87f3e0ba23d01e4d4bda9eabf50f9301673bf32640b8204e3fe249362
- SHA512: 611f4f8a76c248c536c551e8936daffcab66e921cf9796d763c9bd620f6e15419db3280d2b0c23680b08ad4efa6b7262ac0b7fa6fb22a61e93fe5c1f929fc459
- SSDEEP: 1536:DM24LqnX0QsvKf4m/4qXlvZJJflJATUcC7T+T0tfHgVEbFM2FND64c+:D+vDmQqflSLCOuHIERMKND643
- Snake Keylogger payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext