General

  • Target: hesaphareketi-01.exe
  • Size: 619KB
  • Sample: 231207-jgyqwsbec7
  • MD5: d6aa9f5bcb8f7ca3146b5c0d2e3dabbc
  • SHA1: 24874aebfd09b19e69b592945f96461a8aac09b2
  • SHA256: 1c058ff86662b1c0157e5f550ac61052fb776859e5d7ffd2a73f5c192b509058
  • SHA512: 1ce2b5eb4044a79104b870ad65eb341b95243db2a1980a35202a1438129c5edfec3d32e342ff1845cdb2d03923f4e2624fae159fdeb13a85ff3c21b3fc88e3ae
  • SSDEEP: 12288:1x5nF8ME6jD/hE1+BnDRNa0cqSWnMhbBX0jwB8wBLsP:1xPtD/eoBe8SWMhNXkwBpI

Malware Config

Extracted

  • Family: snakekeylogger

Credentials

  • Protocol: smtp
  • Host: mail.ozakaluminyum.com
  • Port: 587
  • Username: [email protected]
  • Password: ETKghx*c3KoQ

Targets

    • Target: hesaphareketi-01.exe
    • Size: 619KB
    • MD5: d6aa9f5bcb8f7ca3146b5c0d2e3dabbc
    • SHA1: 24874aebfd09b19e69b592945f96461a8aac09b2
    • SHA256: 1c058ff86662b1c0157e5f550ac61052fb776859e5d7ffd2a73f5c192b509058
    • SHA512: 1ce2b5eb4044a79104b870ad65eb341b95243db2a1980a35202a1438129c5edfec3d32e342ff1845cdb2d03923f4e2624fae159fdeb13a85ff3c21b3fc88e3ae
    • SSDEEP: 12288:1x5nF8ME6jD/hE1+BnDRNa0cqSWnMhbBX0jwB8wBLsP:1xPtD/eoBe8SWMhNXkwBpI

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

Credential Access

  • Unsecured Credentials (T1552): 2 signatures
  • Credentials In Files (T1552.001): 2 signatures

Collection

  • Data from Local System (T1005): 2 signatures
  • Email Collection (T1114): 1 signature
