General

  • Target

    PO 732001_pdf_1.zip

  • Size

    316KB

  • Sample

    230209-samjqagd66

  • MD5

    7be383da5833e73337eba28bfa755023

  • SHA1

    7380c813d3c5eddf37fee85ddc9c6de34417a61c

  • SHA256

    f15ec425e485e8d7ba7f0939b04601703476ece780e8cfdaac7eae825fe80bdf

  • SHA512

    54fc544ff802a846bbe3656f0a598f86e72932a6796c85fe744d7fb4ce41cd7d61097459eed0c14827ee7da9867c71202a3ed99b89c681f98304f240a42b7e7d

  • SSDEEP

    6144:Ei80bZ5G0tVu5KXbPMPxGCXwgv7d3BKCfRj81b8yVe3NP99e:s0bptIKXbPMPoCX3B+rA3Ni

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot6010601014:AAE_RJm-2igP99_YnmRQZ_TajH6dCuBx6CI/sendMessage?chat_id=869301167

Targets

    • Target

      PO 732001_pdf.exe

    • Size

      710KB

    • MD5

      16518717490a9378b8ce9e4398c22bba

    • SHA1

      94199ea9d1227a495d09fc77a63088d25829b022

    • SHA256

      7bcce65d6166d096b69e5cd5e4a1e6a3991ff77aed3495da1af2b4f9ecbeef93

    • SHA512

      c9d94d712ee5039ac8833140fe5e107d87aa12644a411429d21dccf1b18d61fa6c727b04f3238050c18501df20afafdcddf81c554f8e13ac1ce9fdcdbce86522

    • SSDEEP

      12288:/UNSgr0oFGV/nMA1uSx8AevTsff0a8Gt3w8sqz4XRKyghCS09QPi/4mJoHpqf2wt:/UtwfTo1f7wCtxzfJGY

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks