General
- Target: 40d966464cd7ad55d8ed44d2dd1208d72a85425b360934aa47abaa4df58623da
- Size: 2.5MB
- Sample: 241220-rj9vyaxrhq
- MD5: f8a07a5919711a1374bb479d9ffea82e
- SHA1: 3fe2c88c19abaf5e03d07dc5a58951c9a9ddd7e2
- SHA256: 40d966464cd7ad55d8ed44d2dd1208d72a85425b360934aa47abaa4df58623da
- SHA512: a3036980f355d368014c7c9c61e6e3ed3d6261d36a7f8215ca1386fd83cfaf5030c536fc6b90edc51ced3255d66dfdd4fea1fca10ce208e4615c2c2f7a0fa7e8
- SSDEEP: 49152:qKQ9dy4x8NXwkGOfEO0W8HGUnw8oyxNQBapXxNWeNy5ra8xRVT:q3+6oXwNOfEFWxUZoyxNQByNNaRVT
Static task: static1
Behavioral task: behavioral1
- Sample: hareketleriniz.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: hareketleriniz.exe
- Resource: win10v2004-20241007-en
Malware Config
- Extracted: snakekeylogger
- https://api.telegram.org/bot7924749806:AAG-WJhqQVHwMR7UVUYahs5tVC-3tNXnruE/sendMessage?chat_id=7009913093
Targets
- Target: hareketleriniz.exe
- Size: 4.9MB
- MD5: 3f0aa4d50657a6d3d4c9fef1ec75d02e
- SHA1: d345f158ed80e33425c2f948b5110be810a13e59
- SHA256: c1580e67c99a2ea0c669cdf47afd9796b9222250da206b70403a2f0bba9e1564
- SHA512: 66b713afe613941f7b73a636049a82e8411cb1baaf3596d43d49fa359252badfcbdf9129240c2d755d84df5a7f7290bf664e2f9d8eae9a25f863aa2b508f7c6d
- SSDEEP: 49152:V/nG41Q+Ue+S3SlFYZ/bOvNR6DXhdboT3Y0hoApjq9vnUiQagE1gvaV6H5Oi88DX:V/e+UeRBGyJcLfrolLtaOjNsFX
- Snake Keylogger payload
- Snakekeylogger family
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext