General

  • Target

    Ibyqgi.exe

  • Size

    15KB

  • Sample

    220923-qedfhaacak

  • MD5

    192c9f5fcb7888a63721eb63ba4b8345

  • SHA1

    0809b8d07380c6fdac0f14d8906ffbd29b821900

  • SHA256

    43360ff59b5a2c3da25da0025e66947cbcfd5cda3cb7f35b126dd32b5e753281

  • SHA512

    75b976b1c5238a38b49b5f225787faf69a66cb41d06d8c9b81bbb53c8403d3d3d85eb3096fa5db4c1745652055e858dc2c14f34aba9bd516fed47d0352298561

  • SSDEEP

    192:fbIlOqEWmUMkloKqzF6Ate1ozTqpKGaOFwCwBeu6I:fbY8WmUMklAoAteaKpuOFwNIx

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot5542941782:AAFlsn_FCfYT7D_ZthXK_Udd4a15AE58_Wg/sendMessage?chat_id=2054148913

Targets

    • Snake Keylogger

      Keylogger and infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks