General

  • Target

    hesaphareketi-01.exe

  • Size

    619KB

  • Sample

    231207-jgyqwsbec7

  • MD5

    d6aa9f5bcb8f7ca3146b5c0d2e3dabbc

  • SHA1

    24874aebfd09b19e69b592945f96461a8aac09b2

  • SHA256

    1c058ff86662b1c0157e5f550ac61052fb776859e5d7ffd2a73f5c192b509058

  • SHA512

    1ce2b5eb4044a79104b870ad65eb341b95243db2a1980a35202a1438129c5edfec3d32e342ff1845cdb2d03923f4e2624fae159fdeb13a85ff3c21b3fc88e3ae

  • SSDEEP

    12288:1x5nF8ME6jD/hE1+BnDRNa0cqSWnMhbBX0jwB8wBLsP:1xPtD/eoBe8SWMhNXkwBpI

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol:
    smtp
  • Host:
    mail.ozakaluminyum.com
  • Port:
    587
  • Username:
    bilgi@ozakaluminyum.com
  • Password:
    ETKghx*c3KoQ

Targets

    • Target

      hesaphareketi-01.exe

    • Size

      619KB

    • MD5

      d6aa9f5bcb8f7ca3146b5c0d2e3dabbc

    • SHA1

      24874aebfd09b19e69b592945f96461a8aac09b2

    • SHA256

      1c058ff86662b1c0157e5f550ac61052fb776859e5d7ffd2a73f5c192b509058

    • SHA512

      1ce2b5eb4044a79104b870ad65eb341b95243db2a1980a35202a1438129c5edfec3d32e342ff1845cdb2d03923f4e2624fae159fdeb13a85ff3c21b3fc88e3ae

    • SSDEEP

      12288:1x5nF8ME6jD/hE1+BnDRNa0cqSWnMhbBX0jwB8wBLsP:1xPtD/eoBe8SWMhNXkwBpI

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Credential Access

Unsecured Credentials

2
T1552

Credentials In Files

2
T1552.001

Collection

Data from Local System

2
T1005

Email Collection

1
T1114

Tasks