General
- Target: Statement 01.bz2
- Size: 593KB
- Sample: 241205-s3wm4azrhw
- MD5: 963c33d91907ff68b238eb30166b9dc4
- SHA1: 687b11f6425db4e313a04b195f4b13518351b263
- SHA256: 03538ccfd879aeef689a95b745d00e35d38a45412b3a1658a70d6cdce267687d
- SHA512: b98664578b75ba6b63d6e3942ee96be0ee8429ec0b6a77a81950511ee52df0782ce8d8d2d59af51821c9770c7c077230d104593a393cb00debe16fb44767c162
- SSDEEP: 12288:LGzTct1Hq9FeOAD/zPWL8F8m2HzhdfOLKB9SssPoHeWMsWm7GoGLzYGe:LGzEHEeby8xozhdfA89SssPiLWloYMGe
Static task
- static1
Behavioral task
- behavioral1
- Sample: Statement 01.exe
- Resource: win7-20240903-en
Behavioral task
- behavioral2
- Sample: Statement 01.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted
snakekeylogger
- Protocol: smtp
- Host: mail.alotemizlik.com.tr
- Port: 587
- Username: [email protected]
- Password: GB63xz79
- Email To: [email protected]
Targets
- Target: Statement 01.exe
- Size: 1010KB
- MD5: 6e84bf525ca164821b6a9eb41f3f6b0e
- SHA1: 7c4997fc889ea6145e5c5be73eed6458e7a47d73
- SHA256: 5cb8a89bcc6401ee3e8e71edc4af3f7b85a719e0ac00f76178359ddfd1f61f57
- SHA512: 2bbd52706725a46ea90f1189c5187775cabb456f46b3bf52d7c93208e80333b6ccb0f0b3fb3fab0db74931a4d7fdf52f77ae2e39e1c8f2dc32027b306dec8717
- SSDEEP: 24576:cu6J33O0c+JY5UZ+XC0kGso6FaO+XW9o0pWWY:Gu0c++OCvkGs9FaO+aoQY
- Snake Keylogger payload
- Snakekeylogger family
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext