General
Target: Quality stuff.pdf.exe
Size: 53KB
Sample: 241030-hfsmtazkcr
MD5: d8fb463ad208075d7f2dbf2fcf741552
SHA1: 01f65045c6f7d541b8a97e94687b1d9c3966432b
SHA256: 252cafe1ccfc66dc1ec8d88f7fbe036899cc865d6a98196598bf0a3314b56ea8
SHA512: 3e5a330b1cb73f9ecf1c09785d2c215c7987ceec101053ea346e1a909188e226843e043d960d1a0882aa8a7d4967d82a1686738a16664a59baa58d2154254bf0
SSDEEP: 768:UO4D+pP8PIUXCWdTKzX6C8C6aErKyrOkixgi2RaQQ6pL6hHvYe7dCplfn1VRjUd+:zpUlrCC0Qt1njUdD3ZT0i2hgU6A
Static task: static1
Behavioral task: behavioral1
  Sample: Quality stuff.pdf.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: Quality stuff.pdf.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted: snakekeylogger
  C2: https://api.telegram.org/bot8069816150:AAGUqkcMn6u9wnhjGwn59_cFD18VE7JaJgI/sendMessage?chat_id=7215551272
Targets
Target: Quality stuff.pdf.exe
Size: 53KB
MD5: d8fb463ad208075d7f2dbf2fcf741552
SHA1: 01f65045c6f7d541b8a97e94687b1d9c3966432b
SHA256: 252cafe1ccfc66dc1ec8d88f7fbe036899cc865d6a98196598bf0a3314b56ea8
SHA512: 3e5a330b1cb73f9ecf1c09785d2c215c7987ceec101053ea346e1a909188e226843e043d960d1a0882aa8a7d4967d82a1686738a16664a59baa58d2154254bf0
SSDEEP: 768:UO4D+pP8PIUXCWdTKzX6C8C6aErKyrOkixgi2RaQQ6pL6hHvYe7dCplfn1VRjUd+:zpUlrCC0Qt1njUdD3ZT0i2hgU6A

- Snake Keylogger payload
- Snakekeylogger family
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops startup file
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext