General

  • Target

    BELGELER VE ÖDEMELER.exe

  • Size

    861KB

  • Sample

    240131-nbne7aahb9

  • MD5

    8a2102b1708487bb3096c4d176ca498e

  • SHA1

    ec4b9988410528115495f63014aac126249b8cc7

  • SHA256

    7c55e53536e6fe6f646bbdd2278b67176788a31a727bc24b4ed872c617d46dbd

  • SHA512

    41ae9b788ceebc5197196a79fa6751916b6deedc2cb98a6bd2355dd5e9f75ffcbc66c2f9d9dcc1951532b8fb23dcff10d81735b35584f8bb7ceace1fcb3c37c2

  • SSDEEP

    12288:foacIAYQ4VIBiYoaJD1+7/KeKDtc1Tjv7Ynx:g7IA1N7JZmbKDyNr7Ynx

Malware Config

Targets

    • Target

      BELGELER VE ÖDEMELER.exe

    • Size

      861KB

    • MD5

      8a2102b1708487bb3096c4d176ca498e

    • SHA1

      ec4b9988410528115495f63014aac126249b8cc7

    • SHA256

      7c55e53536e6fe6f646bbdd2278b67176788a31a727bc24b4ed872c617d46dbd

    • SHA512

      41ae9b788ceebc5197196a79fa6751916b6deedc2cb98a6bd2355dd5e9f75ffcbc66c2f9d9dcc1951532b8fb23dcff10d81735b35584f8bb7ceace1fcb3c37c2

    • SSDEEP

      12288:foacIAYQ4VIBiYoaJD1+7/KeKDtc1Tjv7Ynx:g7IA1N7JZmbKDyNr7Ynx

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks