General

  • Target

    Yyvxgqbd.exe

  • Size

    67KB

  • Sample

    230722-kbrk3aaa73

  • MD5

    ba1709a3d54af0425c34b589d9b5d45e

  • SHA1

    d53c7553af2bd60222a942f477fd3234776a1e85

  • SHA256

    6bcf3454be579fca552338a3f5c192d5301ade9b8c7cb2ace0dc049e33ffa385

  • SHA512

    ce32a43717003d883bc8fcfec9739d332c644f4ad362a773df6e592e00052da1358951248aa977d974404fb39b0e199e0d6e9a85be7d683033afaf78a686105f

  • SSDEEP

    768:2FfuCQ0XZnC5Zw7P22jg3aur1k6IwVlj7ceKguXgcKmxDERgXl+28Be3:2FfunOg3zrRVcn7X4mJYtBe3

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot6362226928:AAEy_YKrGOhDs-QKpzHM8bwWaBrcjSBTM4A/sendMessage?chat_id=6373691592
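The C2 above is the Telegram Bot API: the path segment after "bot" is the bot token (bot id, colon, 35-character secret) and chat_id is the channel the stolen data is posted to. The following detector is an added example, not code from the sandbox report or from the malware family: it scans proxy log lines for Bot API URLs, extracts the token, method and chat_id as IOCs, groups repeated beacons, and masks the token for sharing. The log format and the lines themselves are constructed for the example; the token and chat_id in them are the ones from the config above. The token character class in the regex is an assumption drawn from the observed format.

```python
"""Find Telegram Bot API beacons (the exfil channel used by this sample) in proxy logs."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
from urllib.parse import parse_qs, urlsplit

# Bot API URL shape: https://api.telegram.org/bot<bot_id>:<secret>/<method>[?query]
# Assumption: the secret half of a bot token is 35 characters of [A-Za-z0-9_-].
TELEGRAM_BOT_RE = re.compile(
    r"(?P<url>https?://api\.telegram\.org/bot"
    r"(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{35})"
    r"/(?P<method>[A-Za-z]+)(?:\?[^\s'\"<>]*)?)"
)


@dataclass(frozen=True)
class TelegramBeacon:
    line_no: int
    bot_id: str
    token: str            # full "<bot_id>:<secret>" token; treat as a live credential
    method: str           # sendMessage, sendDocument, ...
    chat_id: Optional[str]
    url: str


def find_telegram_beacons(log_text: str) -> List[TelegramBeacon]:
    """Return one TelegramBeacon per Bot API URL found, in log order."""
    beacons: List[TelegramBeacon] = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        for m in TELEGRAM_BOT_RE.finditer(line):
            query = parse_qs(urlsplit(m.group("url")).query)
            chat_id = query.get("chat_id", [None])[0]
            beacons.append(TelegramBeacon(
                line_no=line_no,
                bot_id=m.group("bot_id"),
                token=f"{m.group('bot_id')}:{m.group('secret')}",
                method=m.group("method"),
                chat_id=chat_id,
                url=m.group("url"),
            ))
    return beacons


def summarize(beacons: List[TelegramBeacon]) -> Dict[Tuple[str, Optional[str]], dict]:
    """Group beacons by (bot_id, chat_id): one operator channel per key."""
    summary: Dict[Tuple[str, Optional[str]], dict] = defaultdict(
        lambda: {"count": 0, "methods": set(), "lines": []}
    )
    for b in beacons:
        entry = summary[(b.bot_id, b.chat_id)]
        entry["count"] += 1
        entry["methods"].add(b.method)
        entry["lines"].append(b.line_no)
    return dict(summary)


def mask_token(token: str) -> str:
    """Keep the bot id and the last four secret characters so reports stay correlatable."""
    bot_id, _, secret = token.partition(":")
    return f"{bot_id}:***{secret[-4:]}"


def defang(url: str) -> str:
    """Make a URL non-clickable for sharing in tickets and reports."""
    return (url.replace("https://", "hxxps://")
               .replace("http://", "hxxp://")
               .replace(".", "[.]"))


# Constructed proxy log lines for the example (format is hypothetical; the
# token and chat_id are the ones from the extracted config).
SAMPLE_LOG = """\
2023-07-22T10:14:03Z src=10.0.0.17 GET https://api.telegram.org/bot6362226928:AAEy_YKrGOhDs-QKpzHM8bwWaBrcjSBTM4A/sendMessage?chat_id=6373691592&text=hello 200
2023-07-22T10:14:05Z src=10.0.0.17 POST https://api.telegram.org/bot6362226928:AAEy_YKrGOhDs-QKpzHM8bwWaBrcjSBTM4A/sendDocument?chat_id=6373691592 200
2023-07-22T10:14:07Z src=10.0.0.23 GET https://www.example.com/index.html 200
"""

if __name__ == "__main__":
    hits = find_telegram_beacons(SAMPLE_LOG)
    for (bot_id, chat_id), info in summarize(hits).items():
        print(f"bot {bot_id} -> chat {chat_id}: {info['count']} beacon(s), "
              f"methods={sorted(info['methods'])}, lines={info['lines']}")
    for h in hits:
        print(f"  line {h.line_no}: {mask_token(h.token)} {defang(h.url)}")
```

The token in the URL is a working credential for the operator's bot, so store it masked outside the IOC database and share it only defanged; the bot id and chat_id alone are enough to pivot across samples that reuse the same channel.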

Targets

    • Target

      Yyvxgqbd.exe

    • Size

      67KB

    • MD5

      ba1709a3d54af0425c34b589d9b5d45e

    • SHA1

      d53c7553af2bd60222a942f477fd3234776a1e85

    • SHA256

      6bcf3454be579fca552338a3f5c192d5301ade9b8c7cb2ace0dc049e33ffa385

    • SHA512

      ce32a43717003d883bc8fcfec9739d332c644f4ad362a773df6e592e00052da1358951248aa977d974404fb39b0e199e0d6e9a85be7d683033afaf78a686105f

    • SSDEEP

      768:2FfuCQ0XZnC5Zw7P22jg3aur1k6IwVlj7ceKguXgcKmxDERgXl+28Be3:2FfunOg3zrRVcn7X4mJYtBe3

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      Rewriting another thread's context is a common step in process hollowing and similar injection techniques.

MITRE ATT&CK Enterprise v15

Tasks