General
Target: 824e4e4246a92fc2bfe21b29045a8c60e1f73f14ca7d846c140ac2ef5d817e5e.zip
Size: 766KB
Sample: 241008-tl2nfsvamm
MD5: afad2bb08f84e3d3d5430af11a33678d
SHA1: fef3c657083a64bb67a83abe88d6f24cb52e8764
SHA256: b1beb90e9b4871ea269a3d77c4f7a1bf4ef94e1b0ec9d219ecf0a7bc40ef5e6c
SHA512: 79647868bcabd144b6ee737edad9f3a61af3cdd1d0ddd5492adfb7d5a130f22c7051aa88fa605c47ddd30aaa1e95470ac5b239e0a087a7cb744b122753250a93
SSDEEP: 12288:S2Yw4eM0zISZYRwo1+USRLv6LEMwh/9UFExYcNHRyRoqFgrRU85ncKpe:Uw4eLxZY3IUSd6Ah+FEx7N4RxFgrRUNL
Note: the submitted archive is named after the SHA256 of the executable it contains (824e4e42…, listed under Targets below); the archive's own SHA256 is b1beb90e…. When hunting or sharing indicators, use the executable's hashes, not the wrapper archive's.
Static task: static1
Behavioral task: behavioral1 (sample 824e4e4246a92fc2bfe21b29045a8c60e1f73f14ca7d846c140ac2ef5d817e5e.exe, resource win7-20240903-en)
Behavioral task: behavioral2 (sample 824e4e4246a92fc2bfe21b29045a8c60e1f73f14ca7d846c140ac2ef5d817e5e.exe, resource win10v2004-20241007-en)
Malware Config
Extracted family: snakekeylogger
Exfiltration endpoint (Telegram Bot API sendMessage, with the bot token and destination chat_id embedded in the URL): https://api.telegram.org/bot7952998151:AAFh98iY7kaOlHAR0qftD3ZcqGbQm0TXbBY/sendMessage?chat_id=5692813672
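The extracted configuration is a single Telegram Bot API URL, and its useful indicators are the bot token and the chat_id inside it rather than the hostname (api.telegram.org is also legitimate traffic). The following is an added example, not part of the sandbox report or of any project's code: it parses Bot API URLs into those components and runs the result over a few constructed proxy-log lines (the log format, field order and the second "unknown" bot token are assumptions made for the example). Because operators rotate tokens, any Bot API call from a non-browser process is reported, not only the token from this config.

```python
"""Extract indicators from a Snake Keylogger Telegram exfil URL and match
them against web-proxy log lines. Added example, not sandbox or vendor code."""
import re
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, urlsplit

# Bot API paths look like /bot<numeric bot id>:<secret>/<method>.
# The anchors keep file downloads (/file/bot.../...) and other paths from matching.
BOT_PATH_RE = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>[A-Za-z]+)$"
)

# URL taken from the extracted config above.
CONFIG_URL = (
    "https://api.telegram.org/bot7952998151:AAFh98iY7kaOlHAR0qftD3ZcqGbQm0TXbBY"
    "/sendMessage?chat_id=5692813672"
)


def parse_telegram_exfil_url(url: str) -> Optional[dict]:
    """Split a Bot API URL into bot id, full token, method and chat_id.

    Returns None for anything that is not an api.telegram.org bot call
    (ordinary web.telegram.org browsing, file downloads), so it can be run
    over every URL in a log without producing false hits.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or parts.hostname != "api.telegram.org":
        return None
    m = BOT_PATH_RE.match(parts.path)
    if not m:
        return None
    query = parse_qs(parts.query)
    return {
        "bot_id": m["bot_id"],
        "token": f"{m['bot_id']}:{m['secret']}",
        "method": m["method"],
        "chat_id": query.get("chat_id", [None])[0],
    }


# Constructed proxy log lines, NOT from the sandbox run. Assumed format:
# <timestamp> <client ip> <process name> <url>. The second bot token is a
# placeholder standing in for a rotated token the config does not know about.
SAMPLE_LOG = [
    "2024-10-08T16:02:11Z 10.0.0.15 chrome.exe https://web.telegram.org/a/",
    "2024-10-08T16:02:40Z 10.0.0.15 824e4e4246a92fc2bfe21b29045a8c60e1f73f14ca7d846c140ac2ef5d817e5e.exe " + CONFIG_URL,
    "2024-10-08T16:03:02Z 10.0.0.22 svchost.exe https://api.telegram.org/bot0000000000:EXAMPLE-TOKEN-NOT-REAL/sendDocument?chat_id=42",
    "2024-10-08T16:03:05Z 10.0.0.15 chrome.exe https://api.telegram.org/file/bot0000000000:EXAMPLE-TOKEN-NOT-REAL/photos/x.jpg",
]


def find_exfil_in_proxy_log(lines: List[str], known_token: str) -> List[Tuple[int, str, str, dict]]:
    """Return (line number, process, verdict, parsed URL) for every Bot API call.

    'known-bot' means the token from the extracted config; 'unknown-bot' is any
    other bot token, still worth an alert since the same family rotates tokens.
    """
    hits = []
    for number, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 4:
            continue
        process, url = fields[2], fields[3]
        parsed = parse_telegram_exfil_url(url)
        if parsed is None:
            continue
        verdict = "known-bot" if parsed["token"] == known_token else "unknown-bot"
        hits.append((number, process, verdict, parsed))
    return hits


if __name__ == "__main__":
    ioc = parse_telegram_exfil_url(CONFIG_URL)
    print("config indicators:", ioc)
    for number, process, verdict, parsed in find_exfil_in_proxy_log(SAMPLE_LOG, ioc["token"]):
        print(f"line {number}: {process} -> {verdict} ({parsed['method']}, chat_id={parsed['chat_id']})")
```

The `web.telegram.org` line and the `/file/bot…` download never reach the verdict stage, which is the point of anchoring on the host and the `/bot<id>:<secret>/<method>` path shape rather than on the string "telegram".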
Targets
Target: 824e4e4246a92fc2bfe21b29045a8c60e1f73f14ca7d846c140ac2ef5d817e5e.exe
Size: 1.0MB
MD5: 7fe1b33acbb4390827636fbbe0bbeec7
SHA1: 6f7df0c28218e0a28f67c0b3a8e5d7f87206a8cb
SHA256: 824e4e4246a92fc2bfe21b29045a8c60e1f73f14ca7d846c140ac2ef5d817e5e
SHA512: e0504c344a51829b964b8713d939bd2b2279335b085252ac8fefd39ad613fa51c51594df7e8d99ce91c38ce922d23a479818cdd1f353841ab3edf28277757826
SSDEEP: 12288:rLkcoxg7v3qnC11ErwIhh0F4qwUgUny5QLvOByP0HUJWO+WF/bsB26tVMk9+U29V:ffmMv6Ckr7Mny5QLYBWyo67h9AdpfPP
Signatures:
- Snake Keylogger payload
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
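The report lists two hash sets, one for the submitted .zip and one for the .exe inside it, and the archive is named after the executable's SHA256 rather than its own. Before spending time on a sample pulled from a share, a practitioner wants to confirm the bytes in hand are the ones this report describes. The following is an added example, not part of the report or of any vendor tooling: it hashes the archive, extracts the single member, hashes that, and checks the member's file name against its SHA256. The password parameter is an assumption (many sample bundles are encrypted with a conventional password; pass it as bytes or leave it None for a plain zip). The bundle it builds at the bottom is a constructed stand-in, not the malware, so it cannot match the report's hashes; it is there so the code runs offline.

```python
"""Verify that a sample bundle matches the sandbox report before analysis.
Added example, not part of the report or of any vendor's tooling."""
import hashlib
import io
import os
import zipfile
from typing import Dict, List, Optional

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Values copied from the report: the .zip bundle and the .exe it contains.
ARCHIVE_HASHES = {
    "md5": "afad2bb08f84e3d3d5430af11a33678d",
    "sha1": "fef3c657083a64bb67a83abe88d6f24cb52e8764",
    "sha256": "b1beb90e9b4871ea269a3d77c4f7a1bf4ef94e1b0ec9d219ecf0a7bc40ef5e6c",
    "sha512": "79647868bcabd144b6ee737edad9f3a61af3cdd1d0ddd5492adfb7d5a130f22c"
              "7051aa88fa605c47ddd30aaa1e95470ac5b239e0a087a7cb744b122753250a93",
}
PAYLOAD_HASHES = {
    "md5": "7fe1b33acbb4390827636fbbe0bbeec7",
    "sha1": "6f7df0c28218e0a28f67c0b3a8e5d7f87206a8cb",
    "sha256": "824e4e4246a92fc2bfe21b29045a8c60e1f73f14ca7d846c140ac2ef5d817e5e",
    "sha512": "e0504c344a51829b964b8713d939bd2b2279335b085252ac8fefd39ad613fa51"
              "c51594df7e8d99ce91c38ce922d23a479818cdd1f353841ab3edf28277757826",
}


def digest_all(data: bytes) -> Dict[str, str]:
    """Compute every hash the report lists (ssdeep needs a third-party lib and is skipped)."""
    hashers = {algo: hashlib.new(algo) for algo in ALGORITHMS}
    for h in hashers.values():
        h.update(data)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def mismatches(expected: Dict[str, str], actual: Dict[str, str]) -> List[str]:
    """Names of algorithms whose report value differs from what was computed."""
    return [algo for algo, value in expected.items()
            if actual.get(algo, "").lower() != value.lower()]


def verify_bundle(zip_bytes: bytes, archive_expected: Dict[str, str],
                  payload_expected: Dict[str, str],
                  password: Optional[bytes] = None) -> dict:
    """Check archive and payload hashes; raise if the archive is not a one-file bundle.

    `password` is an assumption for encrypted sample bundles; None means plain zip.
    """
    report = {"archive": mismatches(archive_expected, digest_all(zip_bytes))}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        members = [n for n in zf.namelist() if not n.endswith("/")]
        if len(members) != 1:
            raise ValueError(f"expected one file in bundle, found {len(members)}")
        payload = zf.read(members[0], pwd=password)
    actual = digest_all(payload)
    report["payload"] = mismatches(payload_expected, actual)
    # The report names the executable after its own SHA256; confirm that convention held.
    stem = os.path.splitext(os.path.basename(members[0]))[0].lower()
    report["name_matches_sha256"] = (stem == actual["sha256"])
    return report


# Constructed stand-in for the real bundle (NOT the malware): a fake payload
# zipped under its own SHA256, the same naming convention the report uses.
CONSTRUCTED_PAYLOAD = b"MZ constructed stand-in, not a real PE"


def build_constructed_bundle() -> bytes:
    buf = io.BytesIO()
    name = hashlib.sha256(CONSTRUCTED_PAYLOAD).hexdigest() + ".exe"
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, CONSTRUCTED_PAYLOAD)
    return buf.getvalue()


if __name__ == "__main__":
    bundle = build_constructed_bundle()
    # Against the report's hashes every algorithm differs: this is not the sample.
    print(verify_bundle(bundle, ARCHIVE_HASHES, PAYLOAD_HASHES))
    # Against its own digests it verifies cleanly.
    print(verify_bundle(bundle, digest_all(bundle), digest_all(CONSTRUCTED_PAYLOAD)))
```

Run it against the real bundle by reading the .zip from disk and passing `ARCHIVE_HASHES` and `PAYLOAD_HASHES`; an empty list under both `archive` and `payload` plus `name_matches_sha256: True` means the bytes are the ones the report analysed.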