General

  • Target: 11072024_0739_10072024_PO#012637210.rar
  • Size: 514KB
  • Sample: 240711-jgzm7awcqr
  • MD5: 35000fcc2d03f9f0b285658840c38fc0
  • SHA1: 8d6d52bd9f5e346e6de393acfae59c425f65781d
  • SHA256: 913f859cd5399a0e54329a964389ecd5ca297591e7320382f318a0f5799f4092
  • SHA512: 11ec21cf5d627827f4d335aafe5f1c5a359164d39d04f124acd7c6049312d786968130cdded7ececc7bc2c9f78adc0a20a5a343736901960fe9dacf1678977d7
  • SSDEEP: 12288:SnYK6RmpXqK9iYi9+Nw4ExtmzSR+PFR6+8JR6ETd:IY+aK9iJ0NQx8zSEPqZJQER

Malware Config

Extracted

  • Family: snakekeylogger
  • C2: https://api.telegram.org/bot6756118950:AAGfdfhshYm8ER28iBEbbJy5ae-eVJaOJUM/sendMessage?chat_id=6278563907

Targets

    • Target: PO#012637210.exe
    • Size: 1.1MB
    • MD5: 806efd8a3ed46eba0a05490ca09df108
    • SHA1: 141740d709913e9193d574f66497a8540228c24d
    • SHA256: a59ce547293a1d816d08f16e0261cbadaec4da508e3cfb6e7c87e201d5ce31f5
    • SHA512: 87ee0fe5563327fa3314146a07b81266a32b12de4ab4390eee11059047ba0faa07f4c7e544956b300efa4b606f617cd7457ab2fb88f50ae1eed2a19a35ffcb84
    • SSDEEP: 24576:YAHnh+eWsN3skA4RV1Hom2KXMmHahZsTLVCv5:fh+ZkldoPK8YahCXVm

    • Snake Keylogger: keylogger and infostealer first seen in November 2020.
    • Snake Keylogger payload
    • Accesses Microsoft Outlook profiles
    • Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks