General
-
Target
824e4e4246a92fc2bfe21b29045a8c60e1f73f14ca7d846c140ac2ef5d817e5e.exe
-
Size
1.0MB
-
Sample
241009-cb23ssvhnb
-
MD5
7fe1b33acbb4390827636fbbe0bbeec7
-
SHA1
6f7df0c28218e0a28f67c0b3a8e5d7f87206a8cb
-
SHA256
824e4e4246a92fc2bfe21b29045a8c60e1f73f14ca7d846c140ac2ef5d817e5e
-
SHA512
e0504c344a51829b964b8713d939bd2b2279335b085252ac8fefd39ad613fa51c51594df7e8d99ce91c38ce922d23a479818cdd1f353841ab3edf28277757826
-
SSDEEP
12288:rLkcoxg7v3qnC11ErwIhh0F4qwUgUny5QLvOByP0HUJWO+WF/bsB26tVMk9+U29V:ffmMv6Ckr7Mny5QLYBWyo67h9AdpfPP
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot7952998151:AAFh98iY7kaOlHAR0qftD3ZcqGbQm0TXbBY/sendMessage?chat_id=5692813672
Targets
-
-
Target
824e4e4246a92fc2bfe21b29045a8c60e1f73f14ca7d846c140ac2ef5d817e5e.exe
-
Size
1.0MB
-
MD5
7fe1b33acbb4390827636fbbe0bbeec7
-
SHA1
6f7df0c28218e0a28f67c0b3a8e5d7f87206a8cb
-
SHA256
824e4e4246a92fc2bfe21b29045a8c60e1f73f14ca7d846c140ac2ef5d817e5e
-
SHA512
e0504c344a51829b964b8713d939bd2b2279335b085252ac8fefd39ad613fa51c51594df7e8d99ce91c38ce922d23a479818cdd1f353841ab3edf28277757826
-
SSDEEP
12288:rLkcoxg7v3qnC11ErwIhh0F4qwUgUny5QLvOByP0HUJWO+WF/bsB26tVMk9+U29V:ffmMv6Ckr7Mny5QLYBWyo67h9AdpfPP
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-