General
-
Target
Halkbank_Ekstre_20231128_435212_2535363.pdf.exe
-
Size
532KB
-
Sample
231128-j3ej5sge41
-
MD5
3c55772d1d2d8e233a8134fdafaa172d
-
SHA1
d64bef49731e6048fbd78451e4ec2ee7d425143a
-
SHA256
14d85ed5d393839b550f5a8c2fd37a1a3ddb70e802b77f7b433f3c2ff34c635d
-
SHA512
ab946c3994d74d92765d1ca7fc02c9b4a808801b52435482e2b815e6adf6c37f787659b12cbbf43d2e5d8121caa2b1bcc63cd0999f3f7f968a15e748fdff028c
-
SSDEEP
12288:hiZCQmbCpQN8oOVTBqmC/tttm2hH2UJS77GMM6m1jSsGI:M4N8R5Bu/tfLhH2UAHtDsG
Static task
static1
Behavioral task
behavioral1
Sample
Halkbank_Ekstre_20231128_435212_2535363.pdf.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
Halkbank_Ekstre_20231128_435212_2535363.pdf.exe
Resource
win10v2004-20231127-en
Malware Config
Targets
-
-
Target
Halkbank_Ekstre_20231128_435212_2535363.pdf.exe
-
Size
532KB
-
MD5
3c55772d1d2d8e233a8134fdafaa172d
-
SHA1
d64bef49731e6048fbd78451e4ec2ee7d425143a
-
SHA256
14d85ed5d393839b550f5a8c2fd37a1a3ddb70e802b77f7b433f3c2ff34c635d
-
SHA512
ab946c3994d74d92765d1ca7fc02c9b4a808801b52435482e2b815e6adf6c37f787659b12cbbf43d2e5d8121caa2b1bcc63cd0999f3f7f968a15e748fdff028c
-
SSDEEP
12288:hiZCQmbCpQN8oOVTBqmC/tttm2hH2UJS77GMM6m1jSsGI:M4N8R5Bu/tfLhH2UAHtDsG
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-