Resubmissions

23/05/2023, 03:10

230523-dpep4aed7t 10

22/05/2023, 18:19

230522-wx6gwscf5w 10

General

  • Target

    SKM22882023 pdf.exe

  • Size

    1.0MB

  • Sample

    230522-wx6gwscf5w

  • MD5

    8eecb7d05b0685f6547d2f527a3256e3

  • SHA1

    e04a91a8cffb045aec3a96612788b5e9c43e3165

  • SHA256

    8e697aa7f5271c0c246970f87c2974f29e70b4ba54a2f7ff187ba7bc2e234075

  • SHA512

    a47fe3383a9bbe96110cb33f7c66466b44e3c1b3fd9e421792350e5e8495c5738a0f2b409e67f29312d91ddc65dc49326918fee67e5d64ce4a63b40da3879b3f

  • SSDEEP

    24576:DR1oOfJKY9rrOG8ygWoo89Dhfcjo3PpaXz90G15UbC5JZ:D1b9e7CQhUjo3PpaB0w9JZ

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot6069996781:AAHmYgsHwRzaV1_6EovGh5IzcjEeVnsIkLk/sendMessage?chat_id=1734299596

Targets

    • Target

      SKM22882023 pdf.exe

    • Size

      1.0MB

    • MD5

      8eecb7d05b0685f6547d2f527a3256e3

    • SHA1

      e04a91a8cffb045aec3a96612788b5e9c43e3165

    • SHA256

      8e697aa7f5271c0c246970f87c2974f29e70b4ba54a2f7ff187ba7bc2e234075

    • SHA512

      a47fe3383a9bbe96110cb33f7c66466b44e3c1b3fd9e421792350e5e8495c5738a0f2b409e67f29312d91ddc65dc49326918fee67e5d64ce4a63b40da3879b3f

    • SSDEEP

      24576:DR1oOfJKY9rrOG8ygWoo89Dhfcjo3PpaXz90G15UbC5JZ:D1b9e7CQhUjo3PpaB0w9JZ

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks