General
-
Target
hesaphareketi-01-27112024.exe
-
Size
1.0MB
-
Sample
241127-w269zs1ldn
-
MD5
eabd69f2c9b6aefee678ee1cffd250ab
-
SHA1
390e5c05af37ebc6e9c89f2e24bd794af4768060
-
SHA256
ad3059baaea15d798fc29a39b334b5be7cb27a25e7cfde3951b64220e708e3c0
-
SHA512
6c560adfd2411854dd172825574fe96ecc9e5d7f7ee9432c22c76b25483f8aab400264b3f2009b5596f9c20b53cb0f7d4c04a5aaa4c1731be27c663ba3144a79
-
SSDEEP
12288:ktb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSgaYPbhupl3cpLJZ0tr6A:ktb20pkaCqT5TBWgNQ7aYVYl3In+r6A
Static task
static1
Behavioral task
behavioral1
Sample
hesaphareketi-01-27112024.exe
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
hesaphareketi-01-27112024.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot8105461233:AAGikrL-FY3clQOY-lg3KOIDOXSLgX28_TU/sendMessage?chat_id=6147266367
Targets
-
-
Target
hesaphareketi-01-27112024.exe
-
Size
1.0MB
-
MD5
eabd69f2c9b6aefee678ee1cffd250ab
-
SHA1
390e5c05af37ebc6e9c89f2e24bd794af4768060
-
SHA256
ad3059baaea15d798fc29a39b334b5be7cb27a25e7cfde3951b64220e708e3c0
-
SHA512
6c560adfd2411854dd172825574fe96ecc9e5d7f7ee9432c22c76b25483f8aab400264b3f2009b5596f9c20b53cb0f7d4c04a5aaa4c1731be27c663ba3144a79
-
SSDEEP
12288:ktb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSgaYPbhupl3cpLJZ0tr6A:ktb20pkaCqT5TBWgNQ7aYVYl3In+r6A
-
Snake Keylogger payload
-
Snakekeylogger family
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-