General

  • Target

    7a73df82b37bc1ef12e62d30b3164ea6

  • Size

    400KB

  • Sample

    240127-rf92jadgb6

  • MD5

    7a73df82b37bc1ef12e62d30b3164ea6

  • SHA1

    016fce0697a0b097d1bf12995b37d7afe3433fd2

  • SHA256

    d480fd41cd9a62bfe2581d4f2a305cc432ffa28da059decf159d53b1874057fc

  • SHA512

    4225a28740371579bf5597b476598615c0f2381555ada9f90feb7c66e0a287f708eef2a46eff92303ef9b2e5f06597481dba4a98460d6be3f4cc7ff90b76f5cf

  • SSDEEP

    6144:Dxkfjwq/nHwm80S7zIDxm9i9R3JbN2Gz5T6xEFaHTdBh6ZLIfBu/y6+QgCHl202j:D8jDvIJoTq6aHTdBh6ZLIfItMCF5Rlc

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot1817928218:AAFcWGpfMsSiXXvCAylg0FnRVFlCr_5edUc/sendMessage?chat_id=1293496579

Targets

    • Target

      7a73df82b37bc1ef12e62d30b3164ea6

    • Snake Keylogger

      Keylogger and infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
