General

  • Target

    2e4dcd52a819ffd488b91e89d743ac9e.exe

  • Size

    893KB

  • Sample

    230718-g26wwsgf24

  • MD5

    2e4dcd52a819ffd488b91e89d743ac9e

  • SHA1

    27a250adf633fdc423ee330ccd2afd5b56cfd66e

  • SHA256

    a11ef9d544cbb542549304eb4e297740f5cd06780218300085751c4ca0050309

  • SHA512

    f58bd59684a330b4662bac3c953226640c0cfaaaa8560ce305bc29c3c7b6896dadd0d2af6c43da0941a473ec8249288e425a949b13067a4ee3bec4c7eea61a67

  • SSDEEP

    12288:IWVt00/eseSFpd/upd/E2PKhk246c4MxXn6TUYlf8RYxu7ns:IWT00Gd5PKWTxX6TTras

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot2106150449:AAHIwsHmr23aQkTnyeD_XA0cTAX8yk2mXFM/sendMessage?chat_id=1990813371

Targets

    • Snake Keylogger

      Keylogger and infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Drops startup file

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
