General

  • Target

    fbb0e05fe6164f133bd793878e4ff5ac732d8352881ac1b0ca8886b1852fe935.rar

  • Size

    935KB

  • Sample

    241102-lrh5astjen

  • MD5

    327a3970e070b6d1a22253fb5ec0f12d

  • SHA1

    151a32b0940cdcb4e0ed391315cdedf95173a274

  • SHA256

    fbb0e05fe6164f133bd793878e4ff5ac732d8352881ac1b0ca8886b1852fe935

  • SHA512

    e8941324dc74771aa38175a6a85b1d58e22f67c760cc4c5b3480715fee857ad6615367aa47db5521f4b39a39c29f29bbe981b35819363dc52aa93adf9ed6b707

  • SSDEEP

    24576:M8R8QsCtiwNufsq3QaKDM/XW10zdYqP3+U7Yef:MxzAy+yOU5f

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7814594885:AAHa3uCXluFI0wdWKPRtBnbO9yWlWuXuj84/sendMessage?chat_id=1178171552

Targets

    • Target

      Alvise Maria CV 1.exe

    • Size

      1.4MB

    • MD5

      3dc3bbec8d0de761f7992a0464409ba8

    • SHA1

      073728a153af98b84ab24726b373bd994d9688e6

    • SHA256

      9aa6870924984dad7897c2efa17305143d0e95aba5b8ecb387577361c7657d0c

    • SHA512

      8bbb9e321241326d7a4da14069a165455b805dc2f161aa83557ff2619bf6b12c10c9d80916eb60046a15306353167bfd9a3818d31e7931c30b6d345a3332059f

    • SSDEEP

      24576:pqDEvCTbMWu7rQYlBQcBiT6rprG8arPWg0EGRxH9DD3/MfOJ4L/:pTvC/MTQYxsWR7arfqlg44L

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Snakekeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks