General

  • Target

    VSP469620.exe

  • Size

    996KB

  • Sample

    241126-jyxj6aslgx

  • MD5

    426faf44dbe98c8a45deb9f64bd25578

  • SHA1

    5cd6e8159d2fde3937385f096713e5d6fb5a9021

  • SHA256

    470a1d3d3cb732501469847aa36aac5fe9e235507989299d6f6fdc89889dfef8

  • SHA512

    555dac08b0a4f9e31d46fc8b0006da7fb4ccba839d78f02ee155261e24c3c1dba3fc7746d1fe17b5ef3f06946c911c5200f2c668cb2c10edd9aafec8b9cacd04

  • SSDEEP

    12288:Etb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSgat7U7mublf784ZRsO6A:Etb20pkaCqT5TBWgNQ7aBy784ZWO6A

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7591642187:AAF3F6-zxp3HwWsP9s4_QJW4W-aEGhjsvDI/sendMessage?chat_id=6557702940

Targets

    • Target

      VSP469620.exe

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Snakekeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks
