General
Target: 14112023_2025_13112023_Hesap_Hareketleri_13112023.7z
Size: 520KB
Sample: 231114-plj17aba74
Static task: static1
Behavioral task: behavioral1
Sample: Hesap_Hareketleri_13112023.exe
Resource: win7-20231023-en
Behavioral task: behavioral2
Sample: Hesap_Hareketleri_13112023.exe
Resource: win10v2004-20231023-en
Malware Config
Extracted
Family: snakekeylogger
Protocol: smtp
Host: mail.gkas.com.tr
Port: 587
Username: [email protected]
Password: Gkasteknik@2022
Targets
Target: Hesap_Hareketleri_13112023.exe
Size: 635KB
Score: 10/10
Snake Keylogger payload
Accesses Microsoft Outlook profiles
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext