General
-
Target
hesaphareketi-01.exe
-
Size
619KB
-
Sample
231207-jgyqwsbec7
-
MD5
d6aa9f5bcb8f7ca3146b5c0d2e3dabbc
-
SHA1
24874aebfd09b19e69b592945f96461a8aac09b2
-
SHA256
1c058ff86662b1c0157e5f550ac61052fb776859e5d7ffd2a73f5c192b509058
-
SHA512
1ce2b5eb4044a79104b870ad65eb341b95243db2a1980a35202a1438129c5edfec3d32e342ff1845cdb2d03923f4e2624fae159fdeb13a85ff3c21b3fc88e3ae
-
SSDEEP
12288:1x5nF8ME6jD/hE1+BnDRNa0cqSWnMhbBX0jwB8wBLsP:1xPtD/eoBe8SWMhNXkwBpI
Static task
static1
Behavioral task
behavioral1
Sample
hesaphareketi-01.exe
Resource
win7-20231130-en
Behavioral task
behavioral2
Sample
hesaphareketi-01.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.ozakaluminyum.com - Port:
587 - Username:
[email protected] - Password:
ETKghx*c3KoQ
Targets
-
-
Target
hesaphareketi-01.exe
-
Size
619KB
-
MD5
d6aa9f5bcb8f7ca3146b5c0d2e3dabbc
-
SHA1
24874aebfd09b19e69b592945f96461a8aac09b2
-
SHA256
1c058ff86662b1c0157e5f550ac61052fb776859e5d7ffd2a73f5c192b509058
-
SHA512
1ce2b5eb4044a79104b870ad65eb341b95243db2a1980a35202a1438129c5edfec3d32e342ff1845cdb2d03923f4e2624fae159fdeb13a85ff3c21b3fc88e3ae
-
SSDEEP
12288:1x5nF8ME6jD/hE1+BnDRNa0cqSWnMhbBX0jwB8wBLsP:1xPtD/eoBe8SWMhNXkwBpI
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-