General

  • Target

    7e9b362a71c816988c0664c4f5e8c27f5e8ebdea5f7ecbf027f90043a3a14f46

  • Size

    842KB

  • Sample

    241028-vmjdyasjfp

  • MD5

    493282d66f2a4e2c569a6018a3228a86

  • SHA1

    e968c7a8c74258f819ae2d4a44a265918239146d

  • SHA256

    7e9b362a71c816988c0664c4f5e8c27f5e8ebdea5f7ecbf027f90043a3a14f46

  • SHA512

    7758ee72cc4c12363c44215bde1b715ddfb445bc2b5fe9140c0d029545ab99526f7900d387cfe53f49c96d51ecd179705f34d42fdaa640849e3a35b6a18dc19c

  • SSDEEP

    24576:g+YAjq5pdLjud/UfYqN39juwHkDmKOIsZkBrv:5tjq5zLjIrqNtupSKOI0kBrv

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7498931539:AAE8KHb70FueL6YmOOF6rhS3Z3o-F1rx6_A/sendMessage?chat_id=1178171552

Targets

    • Target

      Contract.exe

    • Size

      1.1MB

    • MD5

      99ca910b16db27ba66db9cbec2415cea

    • SHA1

      cad321a828e9a42d6487be7bff031470cb06080b

    • SHA256

      98ad6abcac89f5fe797e52b948b022c86b77960d89d0d0c08a74342e4ab2d0f5

    • SHA512

      b0f2517ec1fa23552c0adfafc6fabbb22c491cb8071fb4a1028c94e36e6c54b25ea00dd2d3e34f306f105c7df9d15f8f58ab7f8f5d7ed9b913ebff4a87a6065b

    • SSDEEP

      24576:ffmMv6Ckr7Mny5QLrqN39nuk3kDWKOQsZkDpI:f3v+7/5QLrqNtuJaKOQ0kDpI

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Snakekeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks