General
- Target: Halkbank_Ekstre_20230426_075819_154055.exe
- Size: 856KB
- Sample: 240502-lw7nfsed4v
- MD5: 42199f4a8e3d9fe6ce26a7d4922afec7
- SHA1: 4e7547a14798f7c4520fab21ea2e34989bf27bc7
- SHA256: 9745e0d21f50b1c553b40e8c353b11bb172a2bae1a83b3b9cfce26f9e01b3b89
- SHA512: 3d4e92428c11f2c5df88550abae2ff0dc9dc74629b0d6943836445d594cfc2d856bd08e7c9ee51507bfd9d1a9909f97d1c21e1804637f4bacdc7bfe8d05491d2
- SSDEEP: 12288:xUE2iNdlONhj8Z/SMfIi6D0zgghZPebvoI9P2WcyHdSFYQ:V1PlONV8ZrfdKcovoWuWb95
Static task
- static1
Behavioral task
- behavioral1
  - Sample: Halkbank_Ekstre_20230426_075819_154055.exe
  - Resource: win7-20240221-en
Behavioral task
- behavioral2
  - Sample: Halkbank_Ekstre_20230426_075819_154055.exe
  - Resource: win10v2004-20240419-en
Malware Config
Extracted
- Family: snakekeylogger
- Protocol: smtp
- Host: mail.eraslangroup.net
- Port: 587
- Username: info@eraslangroup.net
- Password: aHZAyjDK
- Email To: boxdraft80@gmail.com
- https://scratchdreams.tk
Targets
- Target: Halkbank_Ekstre_20230426_075819_154055.exe
Score: 10/10
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext