General

  • Target

    Bincryptedfile.exe.bin

  • Size

    904KB

  • Sample

    230505-x2eemsba9x

  • MD5

    dcf0c5e9ca5972bec53fac4790c79639

  • SHA1

    81d5309425bebca76b0b721a61b9f96261eb310c

  • SHA256

    2d1646dc9d65c34be77a34bbedf4a7d0c14df7d3a3b0544e4a70e912467995a5

  • SHA512

    224314daf6a40aaaa68c050e378f755eb66a98fd69a490cfa25bd09c345d4854351716b3c53759be71d7f1aa7fd21dac4f65e4ee71aa7a8653cbcc2482b4c34f

  • SSDEEP

    12288:bqXY+1u09wVRWpVymIbdj5wLuq3foSzSmkU7U+WnhirJ:AY+1X9kR87IbdeLFfoukUKhiF

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot5412042498:AAH4OVSAlB-9yvO0MxObTPVF8mPej6Ln4M4/sendMessage?chat_id=5573520537

Targets

    • Target

      Bincryptedfile.exe.bin

    • Snake Keylogger

      Keylogger and infostealer first seen in November 2020.

    • Snake Keylogger payload

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks