Overview

overview

10

Static

static

5

MB267382625AE.exe

windows7-x64

10

MB267382625AE.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c49bbd09d32081ecf2b831b0d87f0f1093d20023279b3e7562c12eff24b583f5.rar

  • Size

    793KB

  • Sample

    241101-f4sxdaxdlh

  • MD5

    462503a0c23bcbb6e9ba02a26e8ac5dd

  • SHA1

    b0e1ecc7e080bf042ec0162e1499b9d7a6c11024

  • SHA256

    c49bbd09d32081ecf2b831b0d87f0f1093d20023279b3e7562c12eff24b583f5

  • SHA512

    79fd16d4993d40b5d1172bee06877150273e3a1ef7e36f851725bfc822150f49243642d32f86e856550e2d34a27ff5b6718490db64589a9ef8640d03688319c0

  • SSDEEP

    12288:5hiRx+9tkp5RE1Of9A7whWemYLMv6O+Y7gnk7FTC+NybSY58VszU+68I2f+e/xg:mYtaRE1WAkkvlkk7NCw5lJG+e5g

Score
10/10
snakekeyloggerdiscoverykeyloggerstealer

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7498931539:AAE8KHb70FueL6YmOOF6rhS3Z3o-F1rx6_A/sendMessage?chat_id=1178171552

Targets

    • Target

      MB267382625AE.exe

    • Size

      1.1MB

    • MD5

      99ca910b16db27ba66db9cbec2415cea

    • SHA1

      cad321a828e9a42d6487be7bff031470cb06080b

    • SHA256

      98ad6abcac89f5fe797e52b948b022c86b77960d89d0d0c08a74342e4ab2d0f5

    • SHA512

      b0f2517ec1fa23552c0adfafc6fabbb22c491cb8071fb4a1028c94e36e6c54b25ea00dd2d3e34f306f105c7df9d15f8f58ab7f8f5d7ed9b913ebff4a87a6065b

    • SSDEEP

      24576:ffmMv6Ckr7Mny5QLrqN39nuk3kDWKOQsZkDpI:f3v+7/5QLrqNtuJaKOQ0kDpI

    Score
    10/10
    snakekeyloggerdiscoverykeyloggerstealer

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

      stealerkeyloggersnakekeylogger

    • Snake Keylogger payload

    • Snakekeylogger family

      snakekeylogger

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks