General

  • Target

    a3d4af8e960db3a71927f672f29ece4963dd200965f9d3ddd3a2db8d4150f53c.exe

  • Size

    930KB

  • Sample

    241025-chj6kasejd

  • MD5

    dab02bda6040baa9dd55a267c40ef2ed

  • SHA1

    a114305562ece266d18b72f247651791f509f95e

  • SHA256

    a3d4af8e960db3a71927f672f29ece4963dd200965f9d3ddd3a2db8d4150f53c

  • SHA512

    b7325b4ad753c6fbec4c2ea6397edb9e686ec9896414f988abceb6a567a8f941381a225e4c39ca7acf9fe4dc2a5143392e8f01b2de0d740d6aefef70caf15ffa

  • SSDEEP

    24576:ffmMv6Ckr7Mny5QLmA61Ksm6EX7q8o2sE8mMLH:f3v+7/5QLmv1JKWbX7

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot8129252196:AAFb_vUYwennKVolbwpXf3vnDfT_yhozHns/sendMessage?chat_id=7004340450

Targets

    • Target

      a3d4af8e960db3a71927f672f29ece4963dd200965f9d3ddd3a2db8d4150f53c.exe

    • Size

      930KB

    • MD5

      dab02bda6040baa9dd55a267c40ef2ed

    • SHA1

      a114305562ece266d18b72f247651791f509f95e

    • SHA256

      a3d4af8e960db3a71927f672f29ece4963dd200965f9d3ddd3a2db8d4150f53c

    • SHA512

      b7325b4ad753c6fbec4c2ea6397edb9e686ec9896414f988abceb6a567a8f941381a225e4c39ca7acf9fe4dc2a5143392e8f01b2de0d740d6aefef70caf15ffa

    • SSDEEP

      24576:ffmMv6Ckr7Mny5QLmA61Ksm6EX7q8o2sE8mMLH:f3v+7/5QLmv1JKWbX7

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

      Rewriting a thread's register context with SetThreadContext is the step process hollowing (RunPE) uses to point a suspended child process at an injected payload. Debuggers use the same API, so confirm the target thread belongs to another process before treating it as injection.
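The two network behaviours listed above (the Telegram Bot API C2 under Malware Config, and the external IP lookup signature) are what a defender can hunt for in proxy logs. The following is an added example, written for this page and not code from the sandbox or the sample: it parses proxy-style log lines, pulls the bot id, token and chat_id out of a Telegram Bot API URL, flags known IP-lookup hosts, and correlates clients that show both. The log line format, the IP_LOOKUP_HOSTS list and all function names are assumptions for the example; the one Telegram URL in the sample log is the C2 extracted in the report, the other lines are constructed.

```python
"""Added example, not part of the sandbox report: find the two network behaviours
the report flags (Telegram Bot API C2 and an external-IP lookup) in proxy-style
log lines, and extract the bot token and chat_id from the C2 URL for blocking."""
import re
from urllib.parse import parse_qs, urlsplit

# Telegram Bot API endpoint: https://api.telegram.org/bot<BOT_ID>:<SECRET>/<method>
# The numeric bot id and the secret together form the token; chat_id is a query parameter.
TELEGRAM_BOT_RE = re.compile(
    r"https?://api\.telegram\.org/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>\w+)"
)

# Hosts commonly used as "what is my IP" oracles by stealers. This list is an
# assumption for the example; extend it from your own proxy telemetry.
IP_LOOKUP_HOSTS = {
    "checkip.dyndns.org", "api.ipify.org", "icanhazip.com",
    "ipinfo.io", "ip-api.com", "checkip.amazonaws.com",
}


def parse_telegram_c2(url):
    """Return bot_id/token/method/chat_id for a Telegram Bot API URL, else None."""
    m = TELEGRAM_BOT_RE.search(url)
    if not m:
        return None
    qs = parse_qs(urlsplit(url).query)
    return {
        "bot_id": m["bot_id"],
        "token": f"{m['bot_id']}:{m['secret']}",
        "method": m["method"],
        "chat_id": qs.get("chat_id", [None])[0],
    }


def classify_url(url):
    """Tag a URL as ("telegram_c2", details), ("ip_lookup", details) or None."""
    c2 = parse_telegram_c2(url)
    if c2:
        return "telegram_c2", c2
    host = (urlsplit(url).hostname or "").lower()
    if host in IP_LOOKUP_HOSTS:
        return "ip_lookup", {"host": host}
    return None


# Constructed proxy log, one request per line: "<timestamp> <client ip> <method> <url>".
# The third line carries the C2 URL from the report above; the other lines are made up.
SAMPLE_LOG = """\
2024-10-25T12:00:01Z 10.0.0.5 GET http://checkip.dyndns.org/
2024-10-25T12:00:02Z 10.0.0.5 GET https://www.microsoft.com/
2024-10-25T12:00:03Z 10.0.0.5 POST https://api.telegram.org/bot8129252196:AAFb_vUYwennKVolbwpXf3vnDfT_yhozHns/sendMessage?chat_id=7004340450
2024-10-25T12:00:04Z 10.0.0.7 GET https://api.ipify.org/?format=json
"""


def scan_log(text):
    """Return one hit dict per suspicious line: timestamp, client, kind, details."""
    hits = []
    for line in text.splitlines():
        parts = line.split(maxsplit=3)
        if len(parts) != 4:
            continue  # malformed line, skip rather than crash the scan
        ts, client, _method, url = parts
        tagged = classify_url(url)
        if tagged:
            kind, details = tagged
            hits.append({"ts": ts, "client": client, "kind": kind, **details})
    return hits


def correlate(hits):
    """Clients that both queried an IP-lookup host and talked to a Telegram bot,
    the combination this sample shows before it reports stolen data."""
    by_client = {}
    for h in hits:
        by_client.setdefault(h["client"], set()).add(h["kind"])
    return sorted(c for c, kinds in by_client.items()
                  if {"ip_lookup", "telegram_c2"} <= kinds)


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for h in found:
        print(h)
    print("clients with IP lookup + Telegram C2:", correlate(found))
```

Blocking api.telegram.org outright is rarely an option, so the useful output is the token and chat_id: the token identifies the attacker's bot for takedown reporting, and the bot id prefix can be matched across other samples that reuse the same bot.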

MITRE ATT&CK Enterprise v15

Tasks