General

  • Target

    COMPANY PROFILE_pdf.exe

  • Size

    2.0MB

  • Sample

    241007-j3valavekk

  • MD5

    d60968fc5bcc52cb58e02f8c866cf43d

  • SHA1

    1e007b4dadfafa24f750612f2dff8ba48f5b05b2

  • SHA256

    f00d6879840cc1fc5087c7e8fe8f4fd701dd2bb58aac9420f77b326b383d37da

  • SHA512

    aabacfc88590a3205dd776acfb6d6ccd89b6fdfb82b8c9f2d7a637fde51b8f31ec12c6be8cb008a1d1ca5b35a6871387ec84d6bbf1aec1f4ed6f7c6945a4b5b9

  • SSDEEP

    12288:P/8+3OpHnvQoS7uwXMox9rqKiZDhYkS07bRKu0ZATyMw57+xvoK5SfXwPEW8:PE+3MHn4o7wXZx9rQS0/QWzDsW8

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot5959992477:AAHE-7vhpGmcidn94EXH2Dz0foqgJdGDb1E/sendMessage?chat_id=6070433873

Targets

    • Target

      COMPANY PROFILE_pdf.exe

    • Size

      2.0MB

    • MD5

      d60968fc5bcc52cb58e02f8c866cf43d

    • SHA1

      1e007b4dadfafa24f750612f2dff8ba48f5b05b2

    • SHA256

      f00d6879840cc1fc5087c7e8fe8f4fd701dd2bb58aac9420f77b326b383d37da

    • SHA512

      aabacfc88590a3205dd776acfb6d6ccd89b6fdfb82b8c9f2d7a637fde51b8f31ec12c6be8cb008a1d1ca5b35a6871387ec84d6bbf1aec1f4ed6f7c6945a4b5b9

    • SSDEEP

      12288:P/8+3OpHnvQoS7uwXMox9rqKiZDhYkS07bRKu0ZATyMw57+xvoK5SfXwPEW8:PE+3MHn4o7wXZx9rQS0/QWzDsW8

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks