General

  • Target

    Hesap hareketleriniz.exe

  • Size

    478KB

  • Sample

    241206-klez1sypdx

  • MD5

    afdc908cc5972fc98ea8d8c1ec6a1a20

  • SHA1

    2a53ca86feb606238bfc1e0d33e18560b198a069

  • SHA256

    46c26cc083a8e984e06a2e1e670487f60e1c340b819ce566ca349ca04d01ec32

  • SHA512

    03ba6516cf7b27ace802c35a0129eebe0d21bebb38cecf46875883d71d0f6253c9748fd7fb1e474e74049c752382fc111e27f037fbaa32ab7c1a8856e80270cf

  • SSDEEP

    12288:ams10/1QwuU3B+WoJwqIQXuYc8AbiRR7EujnkmHs+ElAdV/feinF:aS1XzR5ouqISAGzf/feKF

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7924749806:AAG-WJhqQVHwMR7UVUYahs5tVC-3tNXnruE/sendMessage?chat_id=7009913093

Targets

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Snakekeylogger family

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, which infostealers often target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
