General

  • Target

    96fd6cc64869d71e0cee0acb92a0e6e986140836d2d189ef67d17d994c0a4b35.exe

  • Size

    1.1MB

  • Sample

    241106-dnkjysvajm

  • MD5

    4518fb3fe25fb47b24f94fdeb7c0c3b4

  • SHA1

    ed6d787a0cb6e70abe2ffc4e07bdd78b2e8bb105

  • SHA256

    96fd6cc64869d71e0cee0acb92a0e6e986140836d2d189ef67d17d994c0a4b35

  • SHA512

    544e08f1867d20720035eae3100247a29752e356aa579a067cef28395a7bacc8dd768d545f79948e815c0a404a668f0232ef8d1f719b1063d762d83b993461c1

  • SSDEEP

    24576:ffmMv6Ckr7Mny5QLrQ4GyWnqJnkFsBx31yby14q:f3v+7/5QLXGfbFg16q

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7498931539:AAE8KHb70FueL6YmOOF6rhS3Z3o-F1rx6_A/sendMessage?chat_id=1178171552

Targets

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Snakekeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks