General
-
Target
75123d5410937645b1baf7f037864134835451b719563e9af1ece4da44e8fe98
-
Size
462KB
-
Sample
241216-nal6qsxqat
-
MD5
04ff9b94288b0e4f43ac123fdedfbece
-
SHA1
b74c5cf4411fef9cabcdce4c4170473fe7c2a470
-
SHA256
75123d5410937645b1baf7f037864134835451b719563e9af1ece4da44e8fe98
-
SHA512
011d2194eb9664c2f0213aaf2480d14df2e114040d4eaccda34263a058b49de80633ce00f3b64794751b8eecd200dc04b3368ed7fe156b8341f5fcb1f3420871
-
SSDEEP
12288:125ElWgEnTwiZ8N3+lp1aKa54sLdpxNaG8r4XaRQXR4K:1euETwGuul/aKpsppPdmaTh4K
Static task
static1
Behavioral task
behavioral1
Sample
Details.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Details.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.gzdled.com.tr
Port: 587
Username: [email protected]
Password: Gozdeled1048
Email To: [email protected]
Targets
-
-
Target
Details.exe
-
Size
929KB
-
MD5
c6fd14ddeea70b1498f8e9ec9b217a52
-
SHA1
bcb1df3f5ad3d7b6366081f951398a1d58350e42
-
SHA256
5c027dcc616d420b52bf956217d3d2ca9e3e9c8e0e5fdf4e5c9d464795dde4b6
-
SHA512
e29151766713adbb72edd209cd85ceaa100e3be94555710769e4cae0fc2b2cc59b7a002185e0842e30c59b2a5829fa6fdaaccb7239e85532a24df5475d0c778c
-
SSDEEP
24576:sJVcWy9iv8r2FHqbaUbADliQJ/cziFj34HIm:sJVcWy98PFcziFSI
-
Snake Keylogger payload
-
Snakekeylogger family
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-