General

  • Target

    PO#76215720223.rar

  • Size

    497KB

  • Sample

    240712-hn7rpsvfjf

  • MD5

    5afbb8a98131d92474d5b89952cacecb

  • SHA1

    ce160ded5fc020ee96ae4884ee5bac5ca810b730

  • SHA256

    d876db76aa7a9ee972c1a70338d64a25a88e4c2edf6c3d7b957516fbd850c709

  • SHA512

    c7664d5505fbc4a02f230eed5987af9a56a5529d386162e971b0a268b758252d6c391441e3d02e3bc79f5d7235f3cdbb8d64173b143f9cd45c00175864d363ff

  • SSDEEP

    12288:KpTJqQ9FZv4YbdqguRs+N5BtH0uDauC8ZTHyj5UKFV1V:KTTd4adqguRsk0u3VSj5Ue7V

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot6756118950:AAGfdfhshYm8ER28iBEbbJy5ae-eVJaOJUM/sendMessage?chat_id=6278563907

Targets

    • Target

      PO#76215720223.exe

    • Size

      1.1MB

    • MD5

      68e0165684e6817fa57a9291a9430b63

    • SHA1

      f21bf5d7a69bdf313ba56e330319077a9909dd5a

    • SHA256

      d27239b28cfcbf7da1382d13b9ca2f8967241b0b8493db3df87ae8ebcad71045

    • SHA512

      1e0627e4412f4e6d818eb6ceb8bd5b1a214539a6dfbb783ad050af704a9ee612a6434a9a2e2450699e7e99bda3f680a133c7be0a3df30d66e5e90ebf69f5dae4

    • SSDEEP

      24576:TAHnh+eWsN3skA4RV1Hom2KXMmHa7wMexG5:eh+ZkldoPK8Ya7HeK

    • Snake Keylogger

      Keylogger and infostealer, first seen in November 2020. This sample reports stolen data to a Telegram Bot API endpoint (see the extracted C2 above).

    • Snake Keylogger payload

    • Accesses Microsoft Outlook profiles

      Outlook profile registry keys hold account settings, including saved mail credentials; reading them is a credential-harvesting step.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      SetThreadContext redirects a suspended thread to attacker-chosen code; it is the core primitive of process hollowing and a common process-injection indicator.
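The extracted C2 is a Telegram Bot API endpoint: the URL path carries the bot token (numeric bot id, a colon, and the secret) and the query string carries the destination chat_id. The bot id and chat_id are the stable identifiers to pivot on, and the full token is the indicator to block. As an added example (not part of the sandbox report or of the malware), the following Python parses that URL into its components and reuses the same parser to flag Telegram bot traffic in proxy log lines, marking hits that match the known token. The log lines, the second bot token, and the use of checkip.dyndns.org as the IP lookup service are all constructed for this example; the report does not name the lookup service. The 30+ character secret length in the regex is an assumption based on the token shape seen here.

```python
import re
from urllib.parse import urlsplit, parse_qs

# C2 copied from the extracted config above.
C2_URL = ("https://api.telegram.org/bot6756118950:AAGfdfhshYm8ER28iBEbbJy5ae-eVJaOJUM"
          "/sendMessage?chat_id=6278563907")

# Telegram Bot API path shape: /bot<bot_id>:<secret>/<method>
# Secret length >= 30 is an assumption from the observed token format.
TOKEN_RE = re.compile(r"/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{30,})/(?P<method>[A-Za-z]+)")


def parse_telegram_c2(url):
    """Split a Telegram Bot API URL into bot_id, full token, method and chat_id.
    Returns None for anything that is not api.telegram.org bot traffic."""
    parts = urlsplit(url)
    if parts.netloc.lower() != "api.telegram.org":
        return None
    m = TOKEN_RE.search(parts.path)
    if not m:
        return None
    qs = parse_qs(parts.query)
    return {
        "bot_id": m["bot_id"],
        "token": f"{m['bot_id']}:{m['secret']}",
        "method": m["method"],
        "chat_id": qs.get("chat_id", [None])[0],
    }


# Constructed proxy log lines (not from the report): "<client_ip> <verb> <url>".
# The second bot token is a made-up placeholder, not a real indicator.
SAMPLE_LOG = """\
10.0.0.7 GET https://checkip.dyndns.org/
10.0.0.7 POST https://api.telegram.org/bot6756118950:AAGfdfhshYm8ER28iBEbbJy5ae-eVJaOJUM/sendMessage?chat_id=6278563907
10.0.0.9 GET https://api.telegram.org/bot1234567890:AAEexampletokenexampletokenexamplet/getUpdates
10.0.0.12 GET https://www.microsoft.com/
"""


def find_telegram_bot_traffic(log_text, known_tokens=()):
    """Return one record per log line that talks to the Telegram Bot API.
    known_ioc is True when the token matches a token from an extracted config."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split(maxsplit=2)
        if len(fields) != 3:
            continue  # skip malformed lines instead of crashing the sweep
        src, _verb, url = fields
        info = parse_telegram_c2(url)
        if info is None:
            continue
        hits.append({
            "src": src,
            "bot_id": info["bot_id"],
            "method": info["method"],
            "chat_id": info["chat_id"],
            "known_ioc": info["token"] in known_tokens,
        })
    return hits


if __name__ == "__main__":
    ioc = parse_telegram_c2(C2_URL)
    print("bot_id:", ioc["bot_id"], "chat_id:", ioc["chat_id"], "method:", ioc["method"])
    for hit in find_telegram_bot_traffic(SAMPLE_LOG, known_tokens={ioc["token"]}):
        print(hit)
```

Any request to api.telegram.org with a bot token in the path from an endpoint that has no business running Telegram bots is worth a ticket on its own; the known_ioc flag only separates this campaign's bot from other bot traffic.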

MITRE ATT&CK Enterprise v15

Tasks