General
-
Target
01c5e22e0947ce7bee51215874fda131e330d5bf70db9ac34ca5854b35d96783.exe
-
Size
996KB
-
Sample
241210-cg8sjavlcr
-
MD5
9d6d766bbc9e1f2384bc31f297b4dbb9
-
SHA1
8f6ca29b1bde72b85da4c6bd2933aabb46e67ab3
-
SHA256
01c5e22e0947ce7bee51215874fda131e330d5bf70db9ac34ca5854b35d96783
-
SHA512
ec442e988964e237df6d56ea8b3d2dbd73e1bb8a68cb6f09389b679a767ba12bd615ba81f5046c94d3545d16bb89b5e6841d92da2768701a084ddc09052ae7f2
-
SSDEEP
24576:1u6J33O0c+JY5UZ+XC0kGso6FaXJnBWO98ZmhWY:Xu0c++OCvkGs9FaXJnXgY
Static task
static1
Behavioral task
behavioral1
Sample
01c5e22e0947ce7bee51215874fda131e330d5bf70db9ac34ca5854b35d96783.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
01c5e22e0947ce7bee51215874fda131e330d5bf70db9ac34ca5854b35d96783.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.alotemizlik.com.tr - Port:
587 - Username:
[email protected] - Password:
GB63xz79 - Email To:
[email protected]
Targets
-
-
Target
01c5e22e0947ce7bee51215874fda131e330d5bf70db9ac34ca5854b35d96783.exe
-
Size
996KB
-
MD5
9d6d766bbc9e1f2384bc31f297b4dbb9
-
SHA1
8f6ca29b1bde72b85da4c6bd2933aabb46e67ab3
-
SHA256
01c5e22e0947ce7bee51215874fda131e330d5bf70db9ac34ca5854b35d96783
-
SHA512
ec442e988964e237df6d56ea8b3d2dbd73e1bb8a68cb6f09389b679a767ba12bd615ba81f5046c94d3545d16bb89b5e6841d92da2768701a084ddc09052ae7f2
-
SSDEEP
24576:1u6J33O0c+JY5UZ+XC0kGso6FaXJnBWO98ZmhWY:Xu0c++OCvkGs9FaXJnXgY
-
Snake Keylogger payload
-
Snakekeylogger family
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-