General

  • Target

    2d139feda3a6ff2f5710f76273a3b004e042cc637f15f18c2bcc4ad0213add28.exe

  • Size

    537KB

  • Sample

    241112-cmv4ma1pbz

  • MD5

    44d210abf701429d760e463f6b315660

  • SHA1

    b62bd625e3e27ea01a5915bb1ee4bce900011de5

  • SHA256

    2d139feda3a6ff2f5710f76273a3b004e042cc637f15f18c2bcc4ad0213add28

  • SHA512

    21af7cd0b09c9e73fe5671def4bc0faec3c40ee13084c75780980d529011f8d7dc1ef7dd101155d37587b129468d5061f625f4dd523f4da53cfb65edce1a7533

  • SSDEEP

    12288:z/4yfAW7S8TphylnjeqtLbzlf7yobicCcdsNKuj2Mv6:L1/O8T/IiyLbZViIIKuSMv

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot8142299351:AAFDTrtIpOoWWO5SiyZfI7QSQ2VJ59N65c8/sendMessage?chat_id=595808702

Targets

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Snakekeylogger family

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
