General

  • Target: Wnasqalvg.exe
  • Size: 99KB
  • Sample: 230801-mr866agd4y
  • MD5: 5e8126c0c3bb629ee4b18dbe80801da5
  • SHA1: 04215ad2be82e01e588e16a65a58ab9b7b757d27
  • SHA256: 75fe2e05556461cf5b623ce60ba191ec4153ca13931260faa99ce558ac86914a
  • SHA512: d5f202490df8d84a5ed9d5e83d76978cd0b836dd1ffc31eac169b5ec75c3c728c2938c4c919748df15c6975f27bd7ec6f3fa3a47714687d77e072ef0313c5b59
  • SSDEEP: 1536:avBOOhLjf94kUmTzzugagH+rAfnNgwW3QMNsi/ZL1F6qvqCLMotw:LO1CYOgDH+0fNgw3Me41tw

Malware Config

Extracted

  • Family: snakekeylogger
  • C2: https://api.telegram.org/bot6323155837:AAGetKXnPtbbyO0kxwEiTX4EeslRECcAfuM/sendMessage?chat_id=5716598986

Targets

    • Snake Keylogger: Keylogger and Infostealer first seen in November 2020.
    • Snake Keylogger payload
    • Drops startup file
    • Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
    • Suspicious use of SetThreadContext