General

  • Target

    HESAP DETAYLARI.pdf.z

  • Size

    641KB

  • Sample

    241010-sbaxbawhnj

  • MD5

    6cb90df6a4c31789b2a4684e41fa5b8a

  • SHA1

    faecadc468571e53d85f26b2707681bffbd05725

  • SHA256

    02819e773a13044621b353b140bb3dde208897eac32b4a267de15f65a963a93e

  • SHA512

    8dbd825885ebd82563e4f75fd73d341effea0e44c05de7e82239ccc14b2b3257344efc68bd587a42c1ec439cc05ae9a42f5869a9bd25be86cd313ec6e7d4d4c0

  • SSDEEP

    12288:m+1o1xfFW3EXPysap70RV1iFWnrqUoqCjogY9OcaSCUF6SGY2MxIZ6nr:mz1dk3EyRpyV1BqUo/joZDl1FKY1xIsr

Malware Config

Targets

    • Target

      HESAP DETAYLARI.exe

    • Size

      710KB

    • MD5

      a6cdd79d35c00a004238683b35b8ded4

    • SHA1

      a00078c30e86c90699c55eb66ecfac648a391f7d

    • SHA256

      7cfb12add202af6cf627f8d79618f0c7c2eeb7da275835b741138c006d23a3bc

    • SHA512

      188559a8bbf8efa741c78f5a1809f98704cff5efb72e6cad799734c455e05b3ff125f3408ab4ee167e232ae1db4c4f41eefe85998947c155084295fe5eddb579

    • SSDEEP

      12288:kAqxcdkyerVbCx3YNg9vl01uhuQPLFPeM8q8FEVjU+Jd1cN1Jqg:JqxcGrVbCx3YNMvlIOuQP8qppTUJ

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.