General

  • Target: f80cf8e2df0e8c4b1aa03b9a91c98ed7_JaffaCakes118
  • Size: 580KB
  • Sample: 240926-lbcbtaygkj
  • MD5: f80cf8e2df0e8c4b1aa03b9a91c98ed7
  • SHA1: 6fad81b65120690d5596c01b6e2038b40ec37952
  • SHA256: 12fe89d0b26cbcddb8d6ab034db718afc5a908a76b5bb46502d088536b62361a
  • SHA512: fa198d9db1136793efc996a7cb4a3b5fd246915c845ff96750c6f3804cc71ee3ea08a9ca31c5f13295e898c8a71e5f23d82a31fa71c03834e9ae186684a80264
  • SSDEEP: 12288:i17eYF3XAAHZ8yGkhdwdzFGuBGUk/uQlLLacIRF3dHk08N+h4fICh4S92Ok5qLOU:S7V3Xl4dvxk/xl6cIX3dbz/Chx99gqyU

Malware Config

Extracted

  • Family: snakekeylogger
  • C2: https://api.telegram.org/bot1599185091:AAFwjZ99E4P1IuAWSo1Ue568J97WLOPoV88/sendMessage?chat_id=652007142

Targets

    • Target: MILLS NEW ORDER.18022021.exe
    • Size: 1.1MB
    • MD5: 0aa00f0470dc38c15fe8e99376c5e272
    • SHA1: e5ac210cb54910b2b21ce1845675540b5fdb049e
    • SHA256: 87b3487f64f3be55dd90700c67617d28a65457759e801cefd5369872e3dc2c7f
    • SHA512: 4ccc93058ff0d7db90547713abe8c48985cd7ffe28ac74bdea89967d3ee5003cc3fbf7402e7effe210032a131c314b96fe9bb94b30045b0becc69fae982a029d
    • SSDEEP: 12288:GVmMp+Nj6jRPLjRPqjBjjyjBjBjBjBjLj3QoL6o2LE59w8t1chat8Z2hWfTa5hBt:EQpo2LY241cMt7h2Tacul1aWM8M5

    • Snake Keylogger: keylogger and infostealer first seen in November 2020.
    • Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks