General
Target: Ziraat Bankası Swift Mesajı.pdf.exe
Size: 577KB
Sample: 240131-m6vmbaafh4
MD5: e12779a7b7ac2d2c85e96c9ac6d7d7dc
SHA1: 3484bd1094df0332bf9e4c5f55abb4d645140015
SHA256: 7006ebe925d1d4c3921787ad6ffcae07f437ebacf41d332b24803cc700796b07
SHA512: 971388784fb9eed7f10cbdfc818670bc07e1bbed6ead612e341ca8c719ef50c6fd821b9128d68498585c184ca533bc8cda98cff484833cda55c91038e3e09804
SSDEEP: 12288:BxNGIAYQ4IlQoXl3qzyheegDgdWzWmsGSnhXhawq+n0hdxaL:3sIAlQoXd8ykegDgMzWmsGSzbqsCdC
Static task: static1
Behavioral task: behavioral1
Sample: Ziraat Bankası Swift Mesajı.pdf.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: Ziraat Bankası Swift Mesajı.pdf.exe
Resource: win10v2004-20231215-en
Malware Config
Targets
Target: Ziraat Bankası Swift Mesajı.pdf.exe
Score: 10/10
Snake Keylogger payload
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
    Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext