General

  • Target

    06112024_0104_05112024_e-dekont.r00

  • Size

    682KB

  • Sample

    241106-be3m3a1paz

  • MD5

    31bf0b4c8b354ae3481317171aca9f84

  • SHA1

    187c51cc0a6887f71f8f8f1a2f64271bd9aa4ece

  • SHA256

    6b416651cf03386aefaad36bd5f95f6f4af6d0f0ee73c4d82556e7296b3e3afe

  • SHA512

    f9d38dddd33dba6712aa873ce00db2d9be54b8b3b5e7b7a981af48765ba0cf9c13dafa7224a7934a7a15719fda7438e5cca8b045d270c5fd80eae5ff98463bd1

  • SSDEEP

    12288:Jj6HaRlyKtXOjElpGpoHyB6LZeyPSPJdyBDx0OdShBTvz3qa44KJdu0ynUiPggA8:JjuIoKfpGpo4OZeyPamVxHdSB7z3tbw0

Malware Config

Extracted

  • Family

    snakekeylogger

  • C2

    https://api.telegram.org/bot7541499630:AAESy1nWQ4poIra9UxdBRC70wQqWdJNny3U/sendMessage?chat_id=6557702940

Targets

    • Target

      e-dekont.exe

    • Size

      1.2MB

    • MD5

      d5ad166042ccce4f7f477fe59384623d

    • SHA1

      f452772ff09b1c58159d7afd22d1336d5631e66d

    • SHA256

      0b3cef4a20973e5733941436cd54ef4a157e4014d9b5765c8e4c7c348634b196

    • SHA512

      2b0bd2d902669ef637aff43e5d212441e2eee92d302817f402425b6e5e949dc6804e474df5d69e076fd91bb29d15ee38456728900f0d9abca81f2ad8d7a61915

    • SSDEEP

      24576:IqDEvCTbMWu7rQYlBQcBiT6rprG8a3bDTaO6GX8JuFaVe0yiQr:ITvC/MTQYxsWR7a3b68rFaVecQ

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Snakekeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks