General
-
Target
halkbank_Ekstre_2023029011_081940_689633.pdf.exe
-
Size
580KB
-
Sample
231130-zftcsahe26
-
MD5
c3996670eb6356a971f1ae1614a71ee6
-
SHA1
ef131d2dd9628335ca952fefad451a6ce9f7fa94
-
SHA256
6ea20989d66aa35efba273fe6d634b8a7c269c7f03a8df6dcb9c5653dcbba810
-
SHA512
bee62dd3706e3484e55b2b44e9a17474b345c5d391da51edd9789cb0a285b2fd81f0dedfae8e840943693db8b2fea0a36d5c7e1800de0af2439b290b86f711a3
-
SSDEEP
12288:Vrl1E6jD/Glz9plmQS6HOmfKXS5Cl1b44wvopox:dl1tD/GlBplR7fF5CUe
Static task
static1
Behavioral task
behavioral1
Sample
halkbank_Ekstre_2023029011_081940_689633.pdf.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
halkbank_Ekstre_2023029011_081940_689633.pdf.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.ozakaluminyum.com - Port:
587 - Username:
[email protected] - Password:
ETKghx*c3KoQ
Targets
-
-
Target
halkbank_Ekstre_2023029011_081940_689633.pdf.exe
-
Size
580KB
-
MD5
c3996670eb6356a971f1ae1614a71ee6
-
SHA1
ef131d2dd9628335ca952fefad451a6ce9f7fa94
-
SHA256
6ea20989d66aa35efba273fe6d634b8a7c269c7f03a8df6dcb9c5653dcbba810
-
SHA512
bee62dd3706e3484e55b2b44e9a17474b345c5d391da51edd9789cb0a285b2fd81f0dedfae8e840943693db8b2fea0a36d5c7e1800de0af2439b290b86f711a3
-
SSDEEP
12288:Vrl1E6jD/Glz9plmQS6HOmfKXS5Cl1b44wvopox:dl1tD/GlBplR7fF5CUe
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-