General

  • Target

    z74fBF2ObiS1g87mbS.exe

  • Size

    737KB

  • Sample

    241028-t2a6fa1pav

  • MD5

    83e4eb81deaa9d3e5c59812c8dd97a89

  • SHA1

    af49bc12cc6d2ca6265723e1781d34537b7d51cc

  • SHA256

    a27e29b26b25a83e2d17a66ba98e51c93915364d03998cdad25965c3fc2104a4

  • SHA512

    2b2f5a29196583ced07460d2fdb6a503217628fac2ea25210db5765472d77dee2242a28ffce59a3a7b52c319b153bfae2e44b1be62e0bd5647b568ba178262c9

  • SSDEEP

    12288:GQWoX0U1YjyndWMqZgdi/xcsyo5sXMugmjhJcdhgysOYj24nXLFFYB:CokUrG3/qsy8sb+Pgy224XZFw

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7733074716:AAHPqUDZNcrQPzH_G03x5ppIOnkxZuz-Nyk/sendMessage?chat_id=7337843299
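The extracted C2 is a Telegram Bot API URL: the path carries the attacker's bot token (`<bot id>:<secret>`) and the query carries the `chat_id` the stolen data is posted to. Both are high-fidelity indicators. The following is an added example (not code from the sandbox or from the page) that parses such a URL into its components and hunts for Telegram bot traffic in constructed proxy log lines; the log format, the hostnames and the second, placeholder bot token are assumptions made for this example. Do not call the bot API with a recovered token: that interacts with attacker infrastructure.

```python
import re
from urllib.parse import urlsplit, parse_qs

# C2 URL as listed in the extracted config above.
C2_URL = ("https://api.telegram.org/bot7733074716:AAHPqUDZNcrQPzH_G03x5ppIOnkxZuz-Nyk"
          "/sendMessage?chat_id=7337843299")

# Bot API paths look like /bot<numeric id>:<secret>/<method>.
TOKEN_RE = re.compile(r"/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>[A-Za-z]+)")


def parse_telegram_c2(url):
    """Return bot id, secret, API method and chat_id from a Telegram Bot API URL, or None."""
    parts = urlsplit(url)
    if parts.hostname != "api.telegram.org":
        return None
    m = TOKEN_RE.search(parts.path)
    if not m:
        return None
    chat_id = parse_qs(parts.query).get("chat_id", [None])[0]
    return {"bot_id": m["bot_id"], "secret": m["secret"],
            "method": m["method"], "chat_id": chat_id}


# Constructed proxy log lines (timestamp, source IP, process, verb, URL); the
# 1234567890:AAAA... token on the last line is a made-up placeholder.
LOGS = """\
2024-10-28T15:02:11Z 10.0.0.15 z74fBF2ObiS1g87mbS.exe GET https://api.telegram.org/bot7733074716:AAHPqUDZNcrQPzH_G03x5ppIOnkxZuz-Nyk/sendMessage?chat_id=7337843299&text=...
2024-10-28T15:02:12Z 10.0.0.15 z74fBF2ObiS1g87mbS.exe GET http://checkip.dyndns.org/
2024-10-28T15:03:40Z 10.0.0.22 chrome.exe GET https://web.telegram.org/a/
2024-10-28T15:05:03Z 10.0.0.31 updater.exe POST https://api.telegram.org/bot1234567890:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/sendDocument
"""


def hunt_telegram_exfil(log_text, known_bots=()):
    """Return every Bot API request in the log; mark those using a known C2 bot id.

    Any process other than a Telegram client talking to api.telegram.org/bot...
    is worth a look even when the bot id is not yet on a blocklist.
    """
    hits = []
    for line in log_text.splitlines():
        fields = line.split(maxsplit=4)
        if len(fields) < 5:
            continue  # malformed line, skip rather than crash
        ts, src, proc, _verb, url = fields
        info = parse_telegram_c2(url)
        if info is None:
            continue
        info.update(ts=ts, src=src, process=proc, known=info["bot_id"] in known_bots)
        hits.append(info)
    return hits


if __name__ == "__main__":
    ioc = parse_telegram_c2(C2_URL)
    print("bot id:", ioc["bot_id"], "chat_id:", ioc["chat_id"], "method:", ioc["method"])
    for h in hunt_telegram_exfil(LOGS, known_bots={ioc["bot_id"]}):
        print(h["ts"], h["src"], h["process"], h["method"], "KNOWN" if h["known"] else "new bot")
```

The `chrome.exe` line is not reported because `web.telegram.org` is the normal web client, not the Bot API host; the `updater.exe` line is reported as an unknown bot because the path shape alone is enough to flag it.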

Targets

    • Target

      z74fBF2ObiS1g87mbS.exe

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Snakekeylogger family

    • Reads user/profile data of local email clients

      Email clients store account settings and credentials on disk, where infostealers routinely harvest them.

    • Reads user/profile data of web browsers

      Infostealers routinely harvest stored browser data, which can include saved credentials, cookies and autofill entries.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      Rewriting another thread's context is characteristic of process hollowing and similar injection techniques.
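The behavioural signatures above are each a rule over host events: file reads of browser and mail-client profile stores, a registry query of the Outlook profile key, a DNS lookup of an IP-echo service, and a cross-process SetThreadContext call. The following is an added example, not the sandbox's rule set, that approximates those rules over constructed events so a rerun of a sample can be checked against the report's signature list. The paths, registry keys, hostnames and event schema are this example's assumptions.

```python
import re
from collections import defaultdict

# Assumed, simplified rules approximating the listed signatures (not the sandbox's own).
FILE_RULES = {
    "Reads user/profile data of web browsers": re.compile(
        r"\\(Google\\Chrome|BraveSoftware\\Brave-Browser|Microsoft\\Edge)\\User Data\\.*\\(Login Data|Web Data|Cookies)$"
        r"|\\Mozilla\\Firefox\\Profiles\\.*\\(logins\.json|key4\.db|cookies\.sqlite)$", re.I),
    "Reads user/profile data of local email clients": re.compile(
        r"\\Thunderbird\\Profiles\\.*\\(logins\.json|key4\.db)$|\\Foxmail\\.*\\Accounts\\", re.I),
}
REG_RULES = {
    "Accesses Microsoft Outlook profiles": re.compile(
        r"\\Software\\Microsoft\\Office\\\d+\.\d\\Outlook\\Profiles\\"
        r"|\\Windows Messaging Subsystem\\Profiles\\", re.I),
}
# Legitimate IP-echo services commonly abused for the external-IP check.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "ifconfig.me", "icanhazip.com", "ip-api.com"}

# Constructed event stream for one process (pid 4120); the last two are benign controls.
EVENTS = [
    {"type": "file", "pid": 4120, "path": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "file", "pid": 4120, "path": r"C:\Users\victim\AppData\Roaming\Mozilla\Firefox\Profiles\ab12cd34.default-release\logins.json"},
    {"type": "file", "pid": 4120, "path": r"C:\Users\victim\AppData\Roaming\Thunderbird\Profiles\xy98.default\key4.db"},
    {"type": "reg",  "pid": 4120, "key": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676"},
    {"type": "dns",  "pid": 4120, "host": "checkip.dyndns.org"},
    {"type": "api",  "pid": 4120, "name": "SetThreadContext", "target_pid": 5204},
    {"type": "file", "pid": 4120, "path": r"C:\Users\victim\Documents\notes.txt"},
    {"type": "api",  "pid": 4120, "name": "SetThreadContext", "target_pid": 4120},
]

EXPECTED = [
    "Reads user/profile data of local email clients",
    "Reads user/profile data of web browsers",
    "Accesses Microsoft Outlook profiles",
    "Looks up external IP address via web service",
    "Suspicious use of SetThreadContext",
]


def classify(events):
    """Map each signature name to the list of events that triggered it."""
    hits = defaultdict(list)
    for ev in events:
        if ev["type"] == "file":
            for name, rx in FILE_RULES.items():
                if rx.search(ev["path"]):
                    hits[name].append(ev)
        elif ev["type"] == "reg":
            for name, rx in REG_RULES.items():
                if rx.search(ev["key"]):
                    hits[name].append(ev)
        elif ev["type"] == "dns" and ev["host"].lower() in IP_LOOKUP_HOSTS:
            hits["Looks up external IP address via web service"].append(ev)
        # Only a context write into a thread of ANOTHER process is flagged; a
        # process adjusting its own threads is normal (debuggers, runtimes).
        elif (ev["type"] == "api" and ev["name"] == "SetThreadContext"
              and ev["target_pid"] != ev["pid"]):
            hits["Suspicious use of SetThreadContext"].append(ev)
    return dict(hits)


def matches_report(events, expected):
    """True when every signature in the report fired on this event stream."""
    return set(expected) <= set(classify(events))


if __name__ == "__main__":
    for name, evs in classify(EVENTS).items():
        print(f"{name}: {len(evs)} event(s)")
    print("reproduces report:", matches_report(EVENTS, EXPECTED))
```

Run against a real trace, the benign controls matter as much as the hits: a rule that also fires on `notes.txt` or on a process touching its own threads would make the signature list meaningless.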

MITRE ATT&CK Enterprise v15