General

  • Target: Alvise Maria CV 1.exe
  • Size: 1.4MB
  • Sample: 241101-m7d1yszerb
  • MD5: 3dc3bbec8d0de761f7992a0464409ba8
  • SHA1: 073728a153af98b84ab24726b373bd994d9688e6
  • SHA256: 9aa6870924984dad7897c2efa17305143d0e95aba5b8ecb387577361c7657d0c
  • SHA512: 8bbb9e321241326d7a4da14069a165455b805dc2f161aa83557ff2619bf6b12c10c9d80916eb60046a15306353167bfd9a3818d31e7931c30b6d345a3332059f
  • SSDEEP: 24576:pqDEvCTbMWu7rQYlBQcBiT6rprG8arPWg0EGRxH9DD3/MfOJ4L/:pTvC/MTQYxsWR7arfqlg44L

Malware Config

Extracted

Family: snakekeylogger

C2: https://api.telegram.org/bot7814594885:AAHa3uCXluFI0wdWKPRtBnbO9yWlWuXuj84/sendMessage?chat_id=1178171552

Targets

    • Target: Alvise Maria CV 1.exe


    • Snake Keylogger: Keylogger and Infostealer first seen in November 2020.
    • Snake Keylogger payload
    • Snakekeylogger family
    • Accesses Microsoft Outlook profiles
    • Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks