General

  • Target

    Refbkefruvt.exe

  • Size

    587KB

  • Sample

    230803-hvx6vabh27

  • MD5

    a58ba28556b22b42763f7e250fb0a4ee

  • SHA1

    1736c40a3405568ea7eb99626fc6787225081eac

  • SHA256

    0ebd3bc3035a85c16d9856235d470598e247755fb4b3744c32ac6bab6c4d311f

  • SHA512

    e2061c4c2ab471f4f6d7c9af420cb821f28b640f3c8b0a20fa7d994e36c0a1996922f84cc471e26518eeba3bbe059cb861371afb5c612327be9a9706f7f0abf0

  • SSDEEP

    6144:hWsTS0AV13ha4LtgdA8ICUNV9xIm683GcS+/ccP+zwrC3vGIETPm3zBzPH:k3ltga2UNKsFSJcPu

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot6131487156:AAFzpoRUv23HSoE57FgrwPQiVuiha1F8Pcs/sendMessage?chat_id=6373691592

Targets

    • Target

      Refbkefruvt.exe

    • Size

      587KB

    • MD5

      a58ba28556b22b42763f7e250fb0a4ee

    • SHA1

      1736c40a3405568ea7eb99626fc6787225081eac

    • SHA256

      0ebd3bc3035a85c16d9856235d470598e247755fb4b3744c32ac6bab6c4d311f

    • SHA512

      e2061c4c2ab471f4f6d7c9af420cb821f28b640f3c8b0a20fa7d994e36c0a1996922f84cc471e26518eeba3bbe059cb861371afb5c612327be9a9706f7f0abf0

    • SSDEEP

      6144:hWsTS0AV13ha4LtgdA8ICUNV9xIm683GcS+/ccP+zwrC3vGIETPm3zBzPH:k3ltga2UNKsFSJcPu

    • Snake Keylogger

      Keylogger and infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15