General

  • Target

    AWBNO-09804480383.exe

  • Size

    1.1MB

  • Sample

    241125-ph79lsspep

  • MD5

    9d452572ff75d16ee715c60c178e7c58

  • SHA1

    80749d335e02f8f538c3bf1b747c956f6bcc5a64

  • SHA256

    2295da0e659659289eade018cffada62e1c6dc679f26f45d458a287cba9694aa

  • SHA512

    6cd9d5e9cd537e6f827008d07127d5db7640e7884f0bcb8387489d1b1aa518ec6416f672908fb09dd11fadb4f00dd42b7ee0aca03957fac2514f9ee03f0108cd

  • SSDEEP

    24576:Ttb20pkaCqT5TBWgNQ7aXMdOiyErT383Wg76A:QVg5tQ7aXsOjKTW5

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7399492470:AAF1Q52TLq6uEICFiCVrLu9dpROnjh2wukI/sendMessage?chat_id=1443320838

Targets

    • Target

      AWBNO-09804480383.exe

    • Size

      1.1MB

    • MD5

      9d452572ff75d16ee715c60c178e7c58

    • SHA1

      80749d335e02f8f538c3bf1b747c956f6bcc5a64

    • SHA256

      2295da0e659659289eade018cffada62e1c6dc679f26f45d458a287cba9694aa

    • SHA512

      6cd9d5e9cd537e6f827008d07127d5db7640e7884f0bcb8387489d1b1aa518ec6416f672908fb09dd11fadb4f00dd42b7ee0aca03957fac2514f9ee03f0108cd

    • SSDEEP

      24576:Ttb20pkaCqT5TBWgNQ7aXMdOiyErT383Wg76A:QVg5tQ7aXsOjKTW5

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Snakekeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks