General

  • Target

    Tudehluxjc.exe

  • Size

    664KB

  • Sample

    230807-qjcprsfd73

  • MD5

    4c04bbc78a794f659d4dd83e95c3d522

  • SHA1

    3368899d115079599f67da061d2bb980913ce042

  • SHA256

    17aef7f33ee1725a500067cf27953fbaaf7ae489c2cf974a0d5a676e454750eb

  • SHA512

    758fdfcbc12467908ed7b2f3de6f38864a138fd9e42a0f8a31265f17e1d84df7bd1dcd5ee4f2ab7743b9a06c78290f9cc1c179af5a127f4195da619325ece14f

  • SSDEEP

    12288:rg3dNu3HCZv9Z228k9mp3ZFm2CrFpYqjrUVRajl6l2GRwLfQ9g:rg3dNuMv9Z22f9mpu2YzjrARajl6Rn

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot6312134911:AAEpy-chTluU2BKpH7SOV4jFqoRrZrAO-mQ/sendMessage?chat_id=6373691592

Targets

    • Target

      Tudehluxjc.exe

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks