General

  • Target

    ef52c9a19d3b35f63eb2b85cc82cff61c9ff6c828d99c9adbe120fa568e111ea.exe

  • Size

    942KB

  • Sample

    241008-c1mz6sydqg

  • MD5

    eea62ff363757124e1dc52e2d73a4595

  • SHA1

    92716a1f8b0b7f2cbe6a09057e45c510587affd0

  • SHA256

    ef52c9a19d3b35f63eb2b85cc82cff61c9ff6c828d99c9adbe120fa568e111ea

  • SHA512

    1f3164818109c48aba0e122293234a6f8c232770195f18172a855222cfb31f684cb1740492081bf3ac8eb0e86328a02f441d7ecaf156ba874250a8ba500422e7

  • SSDEEP

    12288:rLkcoxg7v3qnC11ErwIhh0F4qwUgUny5QLRQdDQYZ6DO42c/yRUpsFJF:ffmMv6Ckr7Mny5QLRQdDlZ664l/ySpsp

Malware Config

Extracted

  • Family

    snakekeylogger

  • C2

    https://api.telegram.org/bot7887381131:AAH4jHJ7Kc0dolQ_x2jW8rTr7XHsdKKLTaM/sendMessage?chat_id=6557702940

Targets

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks