General

  • Target

    7cce81410195d653da5cd3d5e0a86f193d31bd16b70eed0604de8a15f5646fb9.exe

  • Size

    908KB

  • Sample

    241015-b6xk5axfjc

  • MD5

    b072f78321c660283d46e104ae677220

  • SHA1

    2e44bc7968414b3cb0ef78c22628979300f63091

  • SHA256

    7cce81410195d653da5cd3d5e0a86f193d31bd16b70eed0604de8a15f5646fb9

  • SHA512

    cfbad8b6014a88854906628ba2254d5f969693a41cb782e3bccde462e7f5d5f3cd0d7a7dd1db940e8ee35d885db57a5feaee7de936e60469d83536a9b8b024ed

  • SSDEEP

    12288:rLkcoxg7v3qnC11ErwIhh0F4qwUgUny5QLvpmWdvDWMHdCZnAkW0TGTRUg8:ffmMv6Ckr7Mny5QLvYEb0pAkLiTRF8

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7913958792:AAFOhfKo5L7M50XG6odxxQQwJAeD3zGEuJU/sendMessage?chat_id=7004340450

Targets

    • Target

      7cce81410195d653da5cd3d5e0a86f193d31bd16b70eed0604de8a15f5646fb9.exe

    • Size

      908KB

    • MD5

      b072f78321c660283d46e104ae677220

    • SHA1

      2e44bc7968414b3cb0ef78c22628979300f63091

    • SHA256

      7cce81410195d653da5cd3d5e0a86f193d31bd16b70eed0604de8a15f5646fb9

    • SHA512

      cfbad8b6014a88854906628ba2254d5f969693a41cb782e3bccde462e7f5d5f3cd0d7a7dd1db940e8ee35d885db57a5feaee7de936e60469d83536a9b8b024ed

    • SSDEEP

      12288:rLkcoxg7v3qnC11ErwIhh0F4qwUgUny5QLvpmWdvDWMHdCZnAkW0TGTRUg8:ffmMv6Ckr7Mny5QLvYEb0pAkLiTRF8

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks