General
Target: 6762dd5d2f557b0ddd1ae3e6871146951ac24085644ca58713f438a62a069d1a
Size: 2.5MB
Sample: 241222-3pkc1sskfp
MD5: b72ca8ce3fc6dec37f0ff8ac2130ee5f
SHA1: 101b776cb78b7d9d85c14fece2161c006c438b83
SHA256: 6762dd5d2f557b0ddd1ae3e6871146951ac24085644ca58713f438a62a069d1a
SHA512: 7ff63719af204cb7787dd5f18e7c7ec1c0ba241f69340f81cc77218c1885ef6aee2a628b114a9da37e4656f649d965a307508c57019cfd1f50cb08d12389e815
SSDEEP: 49152:g1ohr/zzKt5qEfZTZHbQ91p7qXbyR/4QrDC/ZDwsPLo56+RKQ9SnmFJzLwn:gw/zzKt5qEfpZ67eyCwGbPLmBSnown
Static task: static1
Behavioral task: behavioral1
  Sample: hareketleriniz.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: hareketleriniz.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: snakekeylogger
C2 (Telegram Bot API sendMessage endpoint): https://api.telegram.org/bot7924749806:AAG-WJhqQVHwMR7UVUYahs5tVC-3tNXnruE/sendMessage?chat_id=7009913093
Targets
Target: hareketleriniz.exe
Size: 4.9MB
MD5: dd88e4c3f9247626b701977b7238e7a6
SHA1: 8a30ce8360570fca3b7b5913742466d06491cbf4
SHA256: fcdde52d79cc0b51fa86a39b6ebd16d007733b0466c71a8fec91b750817c8e13
SHA512: 9373dfb5925492230b944433c9d4292d09655cd3dd4f820857a7ebcc35fd37e0d44f8cc5f9067d7e894c964e86ae7b589e118fe4d2b4c3743765b9a216adf333
SSDEEP: 49152:FUXWOBwOnRw23SlF+E/XShBvG3SHFDuGpY0NAfdXsYx4nVvIwtDajQao9TDOrbhc:FUJwOnRd+ShBQGtHNU31nOiGR
- Snake Keylogger payload
- Snakekeylogger family
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext (a thread-context write, commonly used for process injection such as process hollowing)
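As an added example for this report (not the sample's code and not the sandbox's own tooling), the following Python turns the extracted Telegram configuration and the "Looks up external IP address via web service" signature into hunt logic over proxy logs. It parses the extracted Bot API URL into bot id, secret token and chat_id, then flags clients that hit that exact token, clients that call sendMessage on any other bot, and clients that contact an IP lookup service, and finally correlates the two behaviours per client. The proxy log lines are constructed for the example, and the set of IP lookup hostnames is an assumption: the report does not name the service this sample contacts.

```python
"""Hunt indicators from the Snake Keylogger config extracted in the report.

Added example for this report page; not the sample's code and not the
sandbox's own code. Parses the extracted Telegram Bot API URL into its
bot id, secret token and chat_id, then scans proxy log lines for (a) hits
on that exact token, (b) any other bot sendMessage call, and (c) external
IP lookup services, which the report flags as a separate behaviour.
"""
import re
from urllib.parse import parse_qs, urlsplit

# The C2 URL extracted by the sandbox (page data, reproduced verbatim).
EXTRACTED_C2 = (
    "https://api.telegram.org/bot7924749806:AAG-WJhqQVHwMR7UVUYahs5tVC-3tNXnruE"
    "/sendMessage?chat_id=7009913093"
)

# ASSUMPTION: hostnames commonly used by infostealers to discover the victim's
# external IP. The report only says "a legitimate IP lookup service".
IP_LOOKUP_HOSTS = {
    "checkip.dyndns.org", "api.ipify.org", "ip-api.com", "ipinfo.io", "icanhazip.com",
}

# Telegram Bot API path shape: /bot<numeric id>:<secret>/<method>
TELEGRAM_BOT_PATH = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>[A-Za-z]+)$"
)


def parse_telegram_c2(url):
    """Split a Telegram Bot API URL into hunt-friendly fields.

    Raises ValueError for anything that is not api.telegram.org/bot<token>/<method>.
    """
    u = urlsplit(url)
    m = TELEGRAM_BOT_PATH.match(u.path)
    if u.hostname != "api.telegram.org" or not m:
        raise ValueError(f"not a Telegram Bot API URL: {url}")
    return {
        "host": u.hostname,
        "bot_id": m["bot_id"],
        "token": f"{m['bot_id']}:{m['secret']}",
        "method": m["method"],
        "chat_id": parse_qs(u.query).get("chat_id", [None])[0],
    }


# CONSTRUCTED proxy log: "<timestamp> <client> <method> <host> <path> <status>".
# Only 10.0.0.15 shows the full Snake Keylogger pattern; 10.0.0.77 uses a
# different bot; 10.0.0.42 calls getUpdates, which is not an exfil method.
PROXY_LOG = """\
2024-12-22T13:05:01Z 10.0.0.15 GET checkip.dyndns.org / 200
2024-12-22T13:05:02Z 10.0.0.15 POST api.telegram.org /bot7924749806:AAG-WJhqQVHwMR7UVUYahs5tVC-3tNXnruE/sendMessage?chat_id=7009913093 200
2024-12-22T13:07:44Z 10.0.0.23 GET www.microsoft.com /en-us/ 200
2024-12-22T13:09:10Z 10.0.0.42 POST api.telegram.org /bot1111111111:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/getUpdates 200
2024-12-22T13:11:03Z 10.0.0.77 POST api.telegram.org /bot2222222222:BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB/sendMessage?chat_id=1 200
"""


def hunt(log_text, c2_url=EXTRACTED_C2):
    """Return a list of findings {src, severity, reason} for one proxy log."""
    ioc = parse_telegram_c2(c2_url)
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip malformed lines rather than abort the hunt
        _ts, src, _method, host, path, _status = parts
        if host == ioc["host"]:
            try:
                seen = parse_telegram_c2(f"https://{host}{path}")
            except ValueError:
                continue  # api.telegram.org traffic that is not a bot call
            if seen["token"] == ioc["token"]:
                findings.append({"src": src, "severity": "high",
                                 "reason": f"known Snake Keylogger bot {ioc['bot_id']}"})
            elif seen["method"] == "sendMessage":
                findings.append({"src": src, "severity": "medium",
                                 "reason": f"sendMessage to unknown bot {seen['bot_id']}"})
        elif host in IP_LOOKUP_HOSTS:
            findings.append({"src": src, "severity": "low",
                             "reason": f"external IP lookup via {host}"})
    return findings


def correlate(findings):
    """Clients that both looked up their external IP and hit the known bot token."""
    lookups = {f["src"] for f in findings if f["severity"] == "low"}
    exfil = {f["src"] for f in findings if f["severity"] == "high"}
    return sorted(lookups & exfil)


if __name__ == "__main__":
    results = hunt(PROXY_LOG)
    for f in results:
        print(f"{f['severity']:6} {f['src']:10} {f['reason']}")
    print("correlated:", correlate(results))
```

The token match is the only high-confidence indicator here; a sendMessage call to some other bot is worth a look but is not by itself evidence of this family, and an external-IP lookup alone is common benign behaviour, which is why the two are only escalated when they come from the same client.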