General

  • Target

    Цитата.rar

  • Size

    605KB

  • Sample

    240706-lls3bavajq

  • MD5

    4761ff92cdb2bfe2f892737b52f63945

  • SHA1

    d6d89531ec7dcfab294a6d927e1745323d52cfc4

  • SHA256

    d31aea09fb106192bdf53cac554afe64e8c605edf6da5fcb9fe1fec225ab44b5

  • SHA512

    c66ec28815457dd21adca6587d2a47dc5775a8fcd0af14370252f86deda4a79e8040fac640c1f72634b22f5783d4070f92f4543246b224afb530403480aa0f41

  • SSDEEP

    12288:2XPJq7+i54DLV44OQdydUxP6qZnfnpnDlYJLyMQcdc:2Bq7+iiD5lOQd3oQfBELydmc

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7369383080:AAHZ3-eOPNC8dmeokZayL5k2b8wsqK_6ziI/sendMessage?chat_id=6485182959
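The extracted C2 is a Telegram Bot API endpoint: the path carries the operator's bot token (`<numeric bot id>:<secret>`) and the query string the chat the stolen data is posted to. The script below, added here as an example and not code from the sandbox vendor or from the malware, splits that URL into its IOC components and then runs the same pattern as a detection over proxy log lines. The log lines and the second bot token in them are constructed for illustration; only the first URL is the one extracted in this report.

```python
"""Extract IOCs from a Telegram-bot C2 URL and hunt for the pattern in proxy logs.

Added example for this report (not the vendor's or the malware's code).
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Set
from urllib.parse import parse_qs, urlsplit

# C2 URL as extracted in the report above.
C2_FROM_REPORT = (
    "https://api.telegram.org/bot7369383080:AAHZ3-eOPNC8dmeokZayL5k2b8wsqK_6ziI"
    "/sendMessage?chat_id=6485182959"
)

# Bot API paths look like /bot<bot id>:<secret>/<method>; the bot id is also the
# bot's numeric Telegram user id, which survives a token rotation.
BOT_PATH_RE = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>[A-Za-z]+)$"
)


@dataclass(frozen=True)
class TelegramC2:
    bot_id: str
    token: str
    method: str
    chat_id: str


@dataclass(frozen=True)
class Finding:
    src: str
    c2: TelegramC2
    known_token: bool  # token matches threat-intel list (e.g. this report)


def parse_telegram_c2(url: str) -> Optional[TelegramC2]:
    """Return the C2 components if `url` is a Telegram Bot API call, else None."""
    parts = urlsplit(url)
    if parts.hostname != "api.telegram.org":
        return None
    m = BOT_PATH_RE.match(parts.path)
    if not m:
        return None
    chat_id = parse_qs(parts.query).get("chat_id", [""])[0]
    return TelegramC2(
        bot_id=m["bot_id"],
        token=f"{m['bot_id']}:{m['secret']}",
        method=m["method"],
        chat_id=chat_id,
    )


def mask_token(token: str) -> str:
    """Keep the bot id, hide the secret: safe form for sharing in a report."""
    bot_id, _, secret = token.partition(":")
    return f"{bot_id}:{secret[:4]}...{secret[-2:]}" if secret else bot_id


def scan_proxy_log(lines: List[str], known_tokens: Set[str]) -> List[Finding]:
    """Assumed log format (constructed): '<ts> <src ip> <verb> <url> <status>'."""
    findings = []
    for line in lines:
        fields = line.split()
        if len(fields) < 4:
            continue
        c2 = parse_telegram_c2(fields[3])
        if c2 is not None:
            findings.append(Finding(fields[1], c2, c2.token in known_tokens))
    return findings


# Constructed log lines: one hit for the report's bot, one for an unrelated
# (hypothetical) bot that still deserves review, and two benign requests.
LOG_LINES = [
    "2024-07-06T10:15:02Z 10.0.0.15 GET https://www.example.com/index.html 200",
    "2024-07-06T10:15:09Z 10.0.0.15 POST " + C2_FROM_REPORT + " 200",
    "2024-07-06T10:16:40Z 10.0.0.22 POST https://api.telegram.org/"
    "bot1234567890:AAEexampleTOKENexampleTOKENexample12/sendDocument?chat_id=1111 200",
    "2024-07-06T10:17:01Z 10.0.0.31 GET https://telegram.org/ 200",
]

if __name__ == "__main__":
    c2 = parse_telegram_c2(C2_FROM_REPORT)
    for f in scan_proxy_log(LOG_LINES, {c2.token}):
        print(f"{f.src} -> bot {f.c2.bot_id} ({f.c2.method}, chat {f.c2.chat_id}) "
              f"token {mask_token(f.c2.token)} known={f.known_token}")
```

Any host calling `api.telegram.org/bot…/sendMessage` or `sendDocument` is worth a look even when the token is not on a watch list, since legitimate bots are rare on end-user workstations; the `known_token` flag only separates "confirmed Snake Keylogger" from "review".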

Targets

    • Target

      Цитата.exe

    • Size

      630KB

    • MD5

      8305c265914ce059abaaa2052f8f92eb

    • SHA1

      058685c06b39d568c8ac14834605e2b322c6b5d1

    • SHA256

      943d1c268a4801187c975474c8e50695e1ba90149cd76daefdc8db9fae9e908c

    • SHA512

      0df7a5591a1964a56b9060bf2a3cbccbd37f29a163f1659af0d32de7953c46d3977560b370f0f7b37632679e1af5760ddf9036891e2405291ea9db33d0067ba3

    • SSDEEP

      12288:NYV6MorX7qzuC3QHO9FQVHPF51jgczxEv0x/w3hD9dVLUD2z5bV:iBXu9HGaVHUE/ghJdSaVbV

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • UPX packed file

Detects executables packed with UPX or with a modified build of the open-source UPX packer.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    • Target

      out.upx

    • Size

      1.1MB

    • MD5

      2154c9c4d4720114cfc8ce69fe69d090

    • SHA1

      b5f166660e10cce4391bc7705ebb9ea8feae77b9

    • SHA256

      5b4b67a69a84f5191785d13abd2882ed8358f6b67cb3129d53803f9af1e633d3

    • SHA512

      814fe6799e1b1281ef5a470316d7f011621ad68952f1446591ff86079da9276e0e86d09161a4c41c22a66f5ed13fa0e170504fa8d9321c0550c708530c0a7320

    • SSDEEP

      24576:eAHnh+eWsN3skA4RV1Hom2KXDmnE/ghJdSaVbV:Jh+ZkldoPKz1Y5/Vb

    Score
    1/10
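The "UPX packed file" signature above rests on a few properties of a UPX-packed PE: section names `UPX0`/`UPX1`, a first section with no raw data but a large virtual size (the unpacking destination), and a high-entropy section holding the compressed payload. The parser below, added here as an example and not the sandbox vendor's detection code, reads the PE section table and applies those three checks. The PE images it runs on are constructed in memory for illustration; they are not the samples from this report.

```python
"""PE section-table parser with the UPX packing heuristics. Added example."""
import hashlib
import math
import struct
from collections import Counter
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class Section:
    name: str
    virtual_size: int
    virtual_address: int
    raw_size: int
    raw_offset: int
    entropy: float


def shannon_entropy(data: bytes) -> float:
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_sections(image: bytes) -> List[Section]:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", image, coff + 2)[0]
    opt_size = struct.unpack_from("<H", image, coff + 16)[0]
    table = coff + 20 + opt_size
    sections = []
    for i in range(num_sections):
        name_raw, vsize, vaddr, rsize, roff = struct.unpack_from("<8sIIII", image, table + i * 40)
        name = name_raw.rstrip(b"\0").decode("ascii", "replace")
        data = image[roff:roff + rsize] if rsize else b""
        sections.append(Section(name, vsize, vaddr, rsize, roff, shannon_entropy(data)))
    return sections


def upx_indicators(sections: List[Section]) -> List[str]:
    """Names alone are defeated by a modified UPX; the other two checks are not."""
    hits = []
    if any(s.name.upper().startswith("UPX") for s in sections):
        hits.append("section name starts with UPX")
    if sections and sections[0].raw_size == 0 and sections[0].virtual_size >= 0x1000:
        hits.append("first section has no raw data but a large virtual size")
    if any(s.raw_size >= 1024 and s.entropy > 7.0 for s in sections):
        hits.append("high-entropy section (compressed payload)")
    return hits


def build_fake_pe(specs: List[Tuple[str, int, bytes]]) -> bytes:
    """Constructed PE32 image: real header layout, empty optional header."""
    e_lfanew, opt_size, num = 0x40, 0xE0, len(specs)
    raw_start = (e_lfanew + 4 + 20 + opt_size + 40 * num + 0x1FF) & ~0x1FF
    image = b"MZ" + b"\0" * 58 + struct.pack("<I", e_lfanew) + b"PE\0\0"
    image += struct.pack("<HHIIIHH", 0x14C, num, 0, 0, 0, opt_size, 0x102) + b"\0" * opt_size
    blobs, offset, vaddr = b"", raw_start, 0x1000
    for name, vsize, raw in specs:
        image += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), vsize, vaddr,
                             len(raw), offset if raw else 0, 0, 0, 0, 0, 0xE0000040)
        blobs, offset = blobs + raw, offset + len(raw)
        vaddr += (max(vsize, 1) + 0xFFF) & ~0xFFF
    return image + b"\0" * (raw_start - len(image)) + blobs


def pseudo_random_bytes(n: int, seed: bytes = b"upx-demo") -> bytes:
    """Deterministic high-entropy filler standing in for compressed data."""
    out, h = b"", seed
    while len(out) < n:
        h = hashlib.sha256(h).digest()
        out += h
    return out[:n]


# Constructed images: a UPX-style layout and a plain single-section binary.
PACKED = build_fake_pe([("UPX0", 0x20000, b""), ("UPX1", 0x2000, pseudo_random_bytes(4096)),
                        (".rsrc", 0x1000, b"\0" * 512)])
CLEAN = build_fake_pe([(".text", 0x1000, b"\x90" * 4096)])

if __name__ == "__main__":
    for label, img in (("packed", PACKED), ("clean", CLEAN)):
        print(label, [(s.name, s.raw_size, round(s.entropy, 2)) for s in parse_sections(img)],
              upx_indicators(parse_sections(img)))
```

Run against a real file, replace `PACKED` with `open(path, "rb").read()`; a sample whose packer renamed the sections will still trip the zero-raw-size and entropy checks, which is the point of the signature covering "modified UPX".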

MITRE ATT&CK Enterprise v15