General

  • Target

    INVOICE.exe

  • Size

    1.1MB

  • Sample

    241028-qdvy6azgjp

  • MD5

    5ae1b38a4a27613e4a6b8d176a0c329b

  • SHA1

    0b0dd1b4d8da9e7f3ee3e1edc892fe2848326e7f

  • SHA256

    206c2be165a381f961ecf12f28ba8505fcbfd8e9d11d910d7c0f64dd587d25a4

  • SHA512

    b39550a95f118a4db6a5ea82ae15734e4d7535942022bba02bbcb5d57007e8150a423f39c3c6e686713db81da45576d94814ed877ab7ef4a98ef389183c30447

  • SSDEEP

    24576:ffmMv6Ckr7Mny5QLlzalVfl6X3onmJ+yiuww6:f3v+7/5QLlz2V23Wnqwz

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7725731697:AAGDaS6uwtjyooOqJDAR7sd2PrRE4x2kmLI/sendMessage?chat_id=7711653069

Targets

    • Target

      INVOICE.exe

    • Size

      1.1MB

    • MD5

      5ae1b38a4a27613e4a6b8d176a0c329b

    • SHA1

      0b0dd1b4d8da9e7f3ee3e1edc892fe2848326e7f

    • SHA256

      206c2be165a381f961ecf12f28ba8505fcbfd8e9d11d910d7c0f64dd587d25a4

    • SHA512

      b39550a95f118a4db6a5ea82ae15734e4d7535942022bba02bbcb5d57007e8150a423f39c3c6e686713db81da45576d94814ed877ab7ef4a98ef389183c30447

    • SSDEEP

      24576:ffmMv6Ckr7Mny5QLlzalVfl6X3onmJ+yiuww6:f3v+7/5QLlz2V23Wnqwz

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Snakekeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks