General
-
Target
Gun Ici Cek Statu Listesi.exe
-
Size
707KB
-
Sample
231126-vcvzzsae65
-
MD5
df9cc5e53cba3ae39407b8869a81e206
-
SHA1
b429c5b311055c819506c4c5e4df1c6cc288b008
-
SHA256
f8af447d9c19f47df305a44bc8556a1d0f651c22d911f320a53c2a36556988ff
-
SHA512
2b6a23917bb7ce1062f33e04d7b62eaace8e7abca3b90f5d99cc7f83816c12111493b426186708b095066c87f8ce61ee85a857cc38f321f4570da5ad228c9ae0
-
SSDEEP
12288:HGzkoVGyAbFjc+DUL5iEni6aHr7IoFWNjD76r/ECn394LIVeGy90a9vkL9FTJM+J:QxEyAjceUL5k6IPvSuLEy3SLF
Malware Config
Targets
-
-
Target
Gun Ici Cek Statu Listesi.exe
-
Size
707KB
-
MD5
df9cc5e53cba3ae39407b8869a81e206
-
SHA1
b429c5b311055c819506c4c5e4df1c6cc288b008
-
SHA256
f8af447d9c19f47df305a44bc8556a1d0f651c22d911f320a53c2a36556988ff
-
SHA512
2b6a23917bb7ce1062f33e04d7b62eaace8e7abca3b90f5d99cc7f83816c12111493b426186708b095066c87f8ce61ee85a857cc38f321f4570da5ad228c9ae0
-
SSDEEP
12288:HGzkoVGyAbFjc+DUL5iEni6aHr7IoFWNjD76r/ECn394LIVeGy90a9vkL9FTJM+J:QxEyAjceUL5k6IPvSuLEy3SLF
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-