General
-
Target
coreTEX_report_bgm.pdf.exe
-
Size
662KB
-
Sample
230522-qws8aabe21
-
MD5
d72c1ac32d2592d677d9001caeedce3e
-
SHA1
e998014b6c233b584427736fb22a1ff8f634c7c6
-
SHA256
3eb22db295cea1562fb2f1a04c23a702cb254ce8b1ba1f54f1ebe8e6d1f3fe49
-
SHA512
4627a0ff50cf69d07887a3b7f3f01aa69ba640f62ff08888f8011f3f8bf45c470cb5377c66d84e981b3e38bfd847f97579e55a072fb3843c639f01421f775482
-
SSDEEP
12288:GvV+s1bSQT6tjjdB4C1duRNSIicDqaUI1pUmckroHLVx91oXcRgBkmss0//YQ2wG:Gt0DuRMIhqaVpUmDk791oSgBkBsEQwgR
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot5830566856:AAGWFy9uABhntGSW37Ll1sdhis_3Sq_arBM/sendMessage?chat_id=1467583453
Targets
-
-
Target
coreTEX_report_bgm.pdf.exe
-
Size
662KB
-
MD5
d72c1ac32d2592d677d9001caeedce3e
-
SHA1
e998014b6c233b584427736fb22a1ff8f634c7c6
-
SHA256
3eb22db295cea1562fb2f1a04c23a702cb254ce8b1ba1f54f1ebe8e6d1f3fe49
-
SHA512
4627a0ff50cf69d07887a3b7f3f01aa69ba640f62ff08888f8011f3f8bf45c470cb5377c66d84e981b3e38bfd847f97579e55a072fb3843c639f01421f775482
-
SSDEEP
12288:GvV+s1bSQT6tjjdB4C1duRNSIicDqaUI1pUmckroHLVx91oXcRgBkmss0//YQ2wG:Gt0DuRMIhqaVpUmDk791oSgBkBsEQwgR
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
StormKitty
StormKitty is an open source info stealer written in C#.
-
StormKitty payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-