General
-
Target
05.12.2023_tahsil_senedi_bilgileri.xls.exe
-
Size
681KB
-
Sample
231205-hvsalahf4z
-
MD5
3270695f929b3f2499f9f56d76c9b08f
-
SHA1
32e75a939b0ae09a898339004afa4bbeb3ce6d68
-
SHA256
c7c0a22744179c319910d7c9508866ebfc6d35beeee844b8462bab9c04af4b19
-
SHA512
23360736cdda1b3cd4cf07046936f512d3ab9c50c47422f1e7d3e689ad5143ef450ea8b3f0660c38a892c6191023b16b731c559ed11b3104e74b60f8986110f5
-
SSDEEP
12288:Xy7KE6jD/62iNG5nF8rmi9VEsqhzUoo3j3D829wV1wIctP/T:X6KtD/61IGzEsGInjwV1wFtX
Static task
static1
Behavioral task
behavioral1
Sample
05.12.2023_tahsil_senedi_bilgileri.xls.exe
Resource
win7-20231130-en
Behavioral task
behavioral2
Sample
05.12.2023_tahsil_senedi_bilgileri.xls.exe
Resource
win10v2004-20231130-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.ozakaluminyum.com - Port:
587 - Username:
[email protected] - Password:
ETKghx*c3KoQ
Targets
-
-
Target
05.12.2023_tahsil_senedi_bilgileri.xls.exe
-
Size
681KB
-
MD5
3270695f929b3f2499f9f56d76c9b08f
-
SHA1
32e75a939b0ae09a898339004afa4bbeb3ce6d68
-
SHA256
c7c0a22744179c319910d7c9508866ebfc6d35beeee844b8462bab9c04af4b19
-
SHA512
23360736cdda1b3cd4cf07046936f512d3ab9c50c47422f1e7d3e689ad5143ef450ea8b3f0660c38a892c6191023b16b731c559ed11b3104e74b60f8986110f5
-
SSDEEP
12288:Xy7KE6jD/62iNG5nF8rmi9VEsqhzUoo3j3D829wV1wIctP/T:X6KtD/61IGzEsGInjwV1wFtX
Score10/10-
Snake Keylogger payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-