General
-
Target
fde758d52b541296b4a6f68c65332fb1ae491b7d92723faafd252b3f46d9c948.zip
-
Size
509KB
-
Sample
231119-2dz4nacd47
-
MD5
1d65d29e74b251bc07dfc8393591fb21
-
SHA1
0aa66eb30ff347848591d51d380a6a609842e45e
-
SHA256
74b31fded42c2161a6fc7b99730f75ebfce53f3787e762a8b7be6521475709f6
-
SHA512
084327d0efeac4709bc4f64a06f6218d2b4d1a0efe760a59b139cb856c8bfefe748f0b6734c7dd5dfae12245abeca77b7a0ef5312acca70a16b1dc39c3537126
-
SSDEEP
12288:QM0bx0kzYaZRHpKJT0b7CFP6ojifX5Ef5UPE1hSkDbIgRuduhxR6s8:Q1xBAWuFP6oj2XaUA/vpAuhxRi
Static task
static1
Behavioral task
behavioral1
Sample
fde758d52b541296b4a6f68c65332fb1ae491b7d92723faafd252b3f46d9c948.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
fde758d52b541296b4a6f68c65332fb1ae491b7d92723faafd252b3f46d9c948.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.gkas.com.tr
Port: 587
Username: [email protected]
Password: Gkasteknik@2022
Targets
-
Target
fde758d52b541296b4a6f68c65332fb1ae491b7d92723faafd252b3f46d9c948.exe
-
Size
686KB
-
MD5
5a663a122c4d05a04fbe40571d2271aa
-
SHA1
f0e47c9a3b2bda06c706cb680f6f2efadb201520
-
SHA256
fde758d52b541296b4a6f68c65332fb1ae491b7d92723faafd252b3f46d9c948
-
SHA512
a421723519a558abad954c13be517a3ec3ff945c197c7715c6b1746a7dd54a436a2846a2334651f4bfe19ad02c5a8a04809daa4d61e3c61d6490c5e3c7d67c06
-
SSDEEP
12288:S0gM1iEpS4TRIBS0eVR8IwE1WqoPTvSFxU5LlbI:SiRp3T+GXDXoPTvIALlbI
Score 10/10
-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-