General
-
Target
234b29254c74b56a48500049daf1d42f149906c1d29bf0ebde2100de8dc956cd.exe
-
Size
1.1MB
-
Sample
241008-bmfs9s1fkm
-
MD5
ccc0959be83b0b131aca1fcba4c11933
-
SHA1
5ab753380fd42d721dd7bd86ed2749e2a6971141
-
SHA256
234b29254c74b56a48500049daf1d42f149906c1d29bf0ebde2100de8dc956cd
-
SHA512
b11cda02f884f26b36639fbad9ae7421ac073ceb0cd9acade1e91af9b2e0651b55c2bf373a6c8b437e2ac4835b7f6cc18eacfc5a863ea6e7fcd404b7dfca113d
-
SSDEEP
24576:ffmMv6Ckr7Mny5QLUr07BMqUscDLuYocEFq+kK:f3v+7/5QLUQ7BYArmPK
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot7952998151:AAFh98iY7kaOlHAR0qftD3ZcqGbQm0TXbBY/sendMessage?chat_id=5692813672
Targets
-
-
Target
234b29254c74b56a48500049daf1d42f149906c1d29bf0ebde2100de8dc956cd.exe
-
Size
1.1MB
-
MD5
ccc0959be83b0b131aca1fcba4c11933
-
SHA1
5ab753380fd42d721dd7bd86ed2749e2a6971141
-
SHA256
234b29254c74b56a48500049daf1d42f149906c1d29bf0ebde2100de8dc956cd
-
SHA512
b11cda02f884f26b36639fbad9ae7421ac073ceb0cd9acade1e91af9b2e0651b55c2bf373a6c8b437e2ac4835b7f6cc18eacfc5a863ea6e7fcd404b7dfca113d
-
SSDEEP
24576:ffmMv6Ckr7Mny5QLUr07BMqUscDLuYocEFq+kK:f3v+7/5QLUQ7BYArmPK
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-