General

  • Target

    7e797b29a6fdfb1e47b67632516a1391

  • Size

    746KB

  • Sample

    240129-bg49nsega3

  • MD5

    7e797b29a6fdfb1e47b67632516a1391

  • SHA1

    57840f5c20f2451c5c640c19d36e1a5368d910aa

  • SHA256

    9e5ef6b7154d9a5b4c2df4eacbaf71f8968e782a72ed49319d8c0406479390e8

  • SHA512

    82cbcb00c07d55b460859fdda14130c16d9914c70ba2a7dfb136f63a6b746d8c20fc8355cd26052c7ed899b0bdb178f1d7cc36e9aa7cddde1d14844146c256e3

  • SSDEEP

    12288:/1Wl8TpCMxskWv62fGPfL8jKzQZzAQKiOiqWXGh:/AGn0yNYjKzQKQKdiH2h

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • C2

    https://api.telegram.org/bot1483662500:AAGrMuxJV05-It-ke-xXVV6-R6IAtETpJb0/sendMessage?chat_id=1300181783

    The C2 is the Telegram Bot API sendMessage endpoint: the path carries the operator's bot token (bot id 1483662500 followed by its secret) and the query carries the receiving chat_id (1300181783). Those two ids, not the full token, are the indicators worth correlating across samples; a block on api.telegram.org alone is a coarse substitute for matching the /bot<id>: path.

Targets

    • Target

      7e797b29a6fdfb1e47b67632516a1391

    • Size

      746KB

    • MD5

      7e797b29a6fdfb1e47b67632516a1391

    • SHA1

      57840f5c20f2451c5c640c19d36e1a5368d910aa

    • SHA256

      9e5ef6b7154d9a5b4c2df4eacbaf71f8968e782a72ed49319d8c0406479390e8

    • SHA512

      82cbcb00c07d55b460859fdda14130c16d9914c70ba2a7dfb136f63a6b746d8c20fc8355cd26052c7ed899b0bdb178f1d7cc36e9aa7cddde1d14844146c256e3

    • SSDEEP

      12288:/1Wl8TpCMxskWv62fGPfL8jKzQZzAQKiOiqWXGh:/AGn0yNYjKzQKQKdiH2h

    • Snake Keylogger

      Keylogger and infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      SetThreadContext is used to redirect a (usually suspended) thread's execution, a common step in process hollowing and other code injection. The signature flags the API use, not a confirmed injection.
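
The following is an added example (not part of the sandbox report and not Snake Keylogger's own code) showing how an analyst would turn the extracted C2 and the external-IP-lookup behaviour above into indicators and detection logic: it pulls Telegram Bot API URLs out of a memory dump in both ASCII and UTF-16LE, keeps only the bot id, token prefix and chat_id, and then matches constructed proxy log lines against known bot ids and public IP-lookup hosts. The dump bytes, the token 1234567890:AAEe..., the log lines and the IP-lookup host list are all constructed or assumed for the example.

```python
import re
from urllib.parse import parse_qs

# Telegram Bot API URL shape: api.telegram.org/bot<numeric id>:<35-char secret>/<method>.
# The token format follows Telegram's public documentation; "bot" is part of the path.
TELEGRAM_BOT_URL = re.compile(
    r"(?:https?://)?api\.telegram\.org/bot(?P<bot_id>\d{6,12}):(?P<secret>[A-Za-z0-9_-]{35})"
    r"/(?P<method>[A-Za-z]+)(?:\?(?P<query>[A-Za-z0-9_=&%.-]*))?"
)

# Hosts of public "what is my IP" services (assumed list, not taken from the report).
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "ifconfig.me",
                   "icanhazip.com", "ip-api.com"}


def parse_telegram_c2(text):
    """Return structured indicators for every Telegram Bot API URL in text.
    The full token is deliberately not returned: bot id + chat_id identify the operator."""
    found = []
    for m in TELEGRAM_BOT_URL.finditer(text):
        query = parse_qs(m.group("query") or "")
        found.append({
            "bot_id": m.group("bot_id"),
            "token_prefix": m.group("secret")[:4],
            "method": m.group("method"),
            "chat_id": query.get("chat_id", [None])[0],
        })
    return found


def extract_from_sample(blob):
    """Scan raw bytes (memory dump or decrypted config) for Telegram C2 URLs stored as
    ASCII or as UTF-16LE, the way .NET stealers such as Snake Keylogger keep strings."""
    views = [blob.decode("latin-1"),
             blob.decode("utf-16-le", errors="ignore"),
             blob[1:].decode("utf-16-le", errors="ignore")]   # both UTF-16 alignments
    seen = {}
    for text in views:
        for ind in parse_telegram_c2(text):
            seen.setdefault((ind["bot_id"], ind["chat_id"], ind["method"]), ind)
    return list(seen.values())


def flag_proxy_lines(lines, known_bot_ids=()):
    """Match proxy log lines of the form "<ts> <process> <host> <path>" against two
    behaviours from the report: Bot API traffic from an endpoint, and external-IP lookups."""
    alerts = []
    for n, line in enumerate(lines, 1):
        ts, process, host, path = line.split(maxsplit=3)
        m = TELEGRAM_BOT_URL.search(host + path)
        if m:
            reason = ("known-c2-bot-id" if m.group("bot_id") in known_bot_ids
                      else "telegram-bot-api-from-endpoint")
            alerts.append((n, reason, process, m.group("bot_id")))
        elif host in IP_LOOKUP_HOSTS:
            alerts.append((n, "external-ip-lookup", process, host))
    return alerts


# Constructed test data: a fake 35-character token secret, a fake C2 URL, a fake dump
# holding the URL once as UTF-16LE and once as ASCII, and four fake proxy log lines.
FAKE_SECRET = "AAEexampleTOKEN" + "x" * 20
C2_URL = f"https://api.telegram.org/bot1234567890:{FAKE_SECRET}/sendMessage?chat_id=1111111111"

SAMPLE_DUMP = (b"\x00\x00random junk\x00"
               + C2_URL.encode("utf-16-le")
               + b"\x00\x00" + C2_URL.replace("sendMessage", "sendDocument").encode() + b"\x00")

PROXY_LOG = [
    f"2024-01-29T10:00:01Z explorer.exe api.telegram.org /bot1234567890:{FAKE_SECRET}/sendMessage?chat_id=1111111111",
    "2024-01-29T10:00:05Z chrome.exe web.telegram.org /k/",
    "2024-01-29T10:00:09Z explorer.exe checkip.dyndns.org /",
    f"2024-01-29T10:00:12Z python.exe api.telegram.org /bot9876543210:{'B' * 35}/getMe",
]

if __name__ == "__main__":
    indicators = extract_from_sample(SAMPLE_DUMP)
    for ind in indicators:
        print(ind)
    for alert in flag_proxy_lines(PROXY_LOG, known_bot_ids={i["bot_id"] for i in indicators}):
        print(alert)
```

The IP-lookup hit is low-value on its own (plenty of legitimate software does it); its weight comes from landing in the same process, within seconds, as Bot API traffic to a bot id already tied to a sample.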

MITRE ATT&CK Enterprise v15

Tasks