General

  • Target: Gjvdnpikd.exe
  • Size: 10KB
  • Sample: 230802-kpv6eaeg81
  • MD5: f7707dc68ef0113a7089fcbfb241f6b4
  • SHA1: bb82cb1fe49e8e699f2bc7a9eaa56d959f1e9c0a
  • SHA256: c9ab09547338e5fabc9a5389c098597734e14e00da6f455d106c813177fce35e
  • SHA512: dcba265d599a693c9a5546db4a9fd57f3c42e94dc8f7fed7f8f7c17d371fafec2bd6e0c875b80acd727cd14c96707f6403fb9226553c5ff66576f5428e34ec72
  • SSDEEP: 192:n4TPB64dwfHjA7MdRhrN47cZnSD4cli/dq:42fM7MdR8AVSLlil

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot6131487156:AAFzpoRUv23HSoE57FgrwPQiVuiha1F8Pcs/sendMessage?chat_id=6373691592

Targets

    • Target: Gjvdnpikd.exe
    • Size: 10KB
    • MD5: f7707dc68ef0113a7089fcbfb241f6b4
    • SHA1: bb82cb1fe49e8e699f2bc7a9eaa56d959f1e9c0a
    • SHA256: c9ab09547338e5fabc9a5389c098597734e14e00da6f455d106c813177fce35e
    • SHA512: dcba265d599a693c9a5546db4a9fd57f3c42e94dc8f7fed7f8f7c17d371fafec2bd6e0c875b80acd727cd14c96707f6403fb9226553c5ff66576f5428e34ec72
    • SSDEEP: 192:n4TPB64dwfHjA7MdRhrN47cZnSD4cli/dq:42fM7MdR8AVSLlil

    Signatures:

    • Snake Keylogger
      Keylogger and infostealer first seen in November 2020.
    • Snake Keylogger payload
    • Adds Run key to start application
    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks