General

  • Target

    9e49f5122ac42ba8a4619dd7ba2252da4118b9fd1755d2bdf17e2d179a3f5128.exe

  • Size

    795KB

  • Sample

    241107-dc1rsssqd1

  • MD5

    bd19b42305c151d78f451b2cd76e1867

  • SHA1

    6e0b260dc6fa468a102b86bca169abe5fad3ad77

  • SHA256

    9e49f5122ac42ba8a4619dd7ba2252da4118b9fd1755d2bdf17e2d179a3f5128

  • SHA512

    998abc5aad3731e0dca75ab50fe11d8359841f84ee4089dda9390a97ac1b4dc272aedd050bc3a2f41bc966df84dddb906c3c103133ace46504879c5d42d4c7c4

  • SSDEEP

    12288:jTfNJmCKE2pb57IvNxDPbAIunfmjFLpsA2++GBSYrgCkkrJ6bb:jb2t5svzrbAnuzsp+lnz6f

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7733074716:AAHPqUDZNcrQPzH_G03x5ppIOnkxZuz-Nyk/sendMessage?chat_id=7337843299

Targets

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Snakekeylogger family

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks
