General

Target: fde758d52b541296b4a6f68c65332fb1ae491b7d92723faafd252b3f46d9c948.zip
Size: 509KB
Sample: 231119-z22w2sbf33
MD5: 22424dfa462c2f73bfe24bf73c85d9bb
SHA1: 1af0efd33b199a6f79945e15c00bf1b1103824df
SHA256: 069e01a0389e4ffee5a296b878e2a9db8c358e63b48898efc1fee5a6a65f7227
SHA512: 68bdaa9cafadb394b387beb7a384dc698988fe2bd462d4473a3f29ba7f738ee48a9127d2a5abe5a05da1395efc7475b991a1ffb75f27dd9ae2d244602f6184d8
SSDEEP: 12288:y3nyR6h+0MQWbYUCqqfukdqhHam/fwEbaUZDfc8lcxeP:IylLUqf/fwEz7tP

Static task: static1

Behavioral task: behavioral1
Sample: fde758d52b541296b4a6f68c65332fb1ae491b7d92723faafd252b3f46d9c948.exe
Resource: win7-20231023-en

Behavioral task: behavioral2
Sample: fde758d52b541296b4a6f68c65332fb1ae491b7d92723faafd252b3f46d9c948.exe
Resource: win10v2004-20231020-en

Malware Config

Extracted
Family: snakekeylogger
Protocol: smtp
Host: mail.gkas.com.tr
Port: 587
Username: [email protected]
Password: Gkasteknik@2022

Targets

Target: fde758d52b541296b4a6f68c65332fb1ae491b7d92723faafd252b3f46d9c948.exe
Size: 686KB
MD5: 5a663a122c4d05a04fbe40571d2271aa
SHA1: f0e47c9a3b2bda06c706cb680f6f2efadb201520
SHA256: fde758d52b541296b4a6f68c65332fb1ae491b7d92723faafd252b3f46d9c948
SHA512: a421723519a558abad954c13be517a3ec3ff945c197c7715c6b1746a7dd54a436a2846a2334651f4bfe19ad02c5a8a04809daa4d61e3c61d6490c5e3c7d67c06
SSDEEP: 12288:S0gM1iEpS4TRIBS0eVR8IwE1WqoPTvSFxU5LlbI:SiRp3T+GXDXoPTvIALlbI
Score: 10/10

Snake Keylogger payload
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
    Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext