General

  • Target

    a1d5e7e9410ec987b5399ae5f8f970b5e051efc97307188f02572ecdd7b9f516.exe

  • Size

    983KB

  • Sample

    241126-dgklda1jgy

  • MD5

    b8204c2309bbbaf3473266f2dcf3851e

  • SHA1

    65d51529e0698579378a26d537b6d0d4b6602e5a

  • SHA256

    a1d5e7e9410ec987b5399ae5f8f970b5e051efc97307188f02572ecdd7b9f516

  • SHA512

    3db8f19c13fec07cf4542446f9d15e62b0c1c4af4efd200bfe8f99662f145aef04ea75599c7c4a5802b4ef993990d7cc663b9ba7b6e8957a9ab7c4961fe9cfe6

  • SSDEEP

    24576:9tb20pkaCqT5TBWgNQ7anGrAEKqFf76A:uVg5tQ7anGrALID5

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7591642187:AAF3F6-zxp3HwWsP9s4_QJW4W-aEGhjsvDI/sendMessage?chat_id=6557702940

Targets

    • Target

      a1d5e7e9410ec987b5399ae5f8f970b5e051efc97307188f02572ecdd7b9f516.exe

    • Size

      983KB

    • MD5

      b8204c2309bbbaf3473266f2dcf3851e

    • SHA1

      65d51529e0698579378a26d537b6d0d4b6602e5a

    • SHA256

      a1d5e7e9410ec987b5399ae5f8f970b5e051efc97307188f02572ecdd7b9f516

    • SHA512

      3db8f19c13fec07cf4542446f9d15e62b0c1c4af4efd200bfe8f99662f145aef04ea75599c7c4a5802b4ef993990d7cc663b9ba7b6e8957a9ab7c4961fe9cfe6

    • SSDEEP

      24576:9tb20pkaCqT5TBWgNQ7anGrAEKqFf76A:uVg5tQ7anGrALID5

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Snakekeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks