Resubmissions

09-08-2024 23:28

240809-3f1cwayeph 10

14-07-2024 08:09

240714-j15csaverc 10

General

  • Target

    DHL Waybill & Shipping Document.exe

  • Size

    2.8MB

  • Sample

    240714-j15csaverc

  • MD5

    a80d785ff635c1903e51209cdb854d55

  • SHA1

    a328fce4a7bf076f046193936fd272d262c08acd

  • SHA256

    fa4dd3214fe17f69079274a2dd01ed191a1b7c70c96bc36d274a5f6758deaffb

  • SHA512

    0f68122a9f9d14cabac8c07849ab81027384eca0cce386ddc414903436dfa2157cab56d0a8105d1dfb7a041ee3f0cfee30e34c435c4e2e0b315594da3f269d01

  • SSDEEP

    12288:n9MaVrg++LvtflmwLpe+0d5POpdVC16SA7t:nKacTLyw0+452pd0QX

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot6040706883:AAGj7B9ONNWM5dxNf28Wuf8zMNReKmR75X0/sendMessage?chat_id=6081058038

Targets

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks