General

  • Target: 1c5177fea4833f66ffe8c08a395dfd946c84d0e18aec8081b575665cec967e43
  • Size: 1.0MB
  • Sample: 241127-zbqq4ayqhs
  • MD5: 68d0e288370f9f7248146514b7d23dc3
  • SHA1: c8fca68e372791886859b45adb41ab894c15dbef
  • SHA256: 1c5177fea4833f66ffe8c08a395dfd946c84d0e18aec8081b575665cec967e43
  • SHA512: 2f6a36889efc28ca77f132555ee9202c05b40f9b024994db77c2a06668b3b4f2ad5c05f8a9aef32c73d1a4ef0f513b76841637dbfc38a82bdbc314115efc2d2e
  • SSDEEP: 12288:/tb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSgaBh8iVhkW+ZWBmG0DuGo:/tb20pkaCqT5TBWgNQ7aBFGZ80D746A

Malware Config

Extracted

  • Family: snakekeylogger
  • C2: https://api.telegram.org/bot8105461233:AAGikrL-FY3clQOY-lg3KOIDOXSLgX28_TU/sendMessage?chat_id=6147266367

Targets

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Snakekeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
