General

  • Target

    04a71f87d4223328a0dbef5085168ff3710b488b68bca528de391d706e01cd5a.exe

  • Size

    785KB

  • Sample

    241206-cghlcazpdk

  • MD5

    f01fb2c1ebde3213faeec8d171c0eed2

  • SHA1

    598d9ab017e0ac1bb65ba05b296c493426918ff8

  • SHA256

    04a71f87d4223328a0dbef5085168ff3710b488b68bca528de391d706e01cd5a

  • SHA512

    ea9665b513ddeac55944022570a62b310925fceffae15bccb1249b1f98066a0df47be1a10626404e9248260ad92365ba19ae53e41b4c220e327a7d880403afbc

  • SSDEEP

    12288:beYT2ytQFWKDvedwHtLYVm8x2ySv+zlv0O78wCtd9ao4:SXFbvedhmS2Xsum8rao

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7719054034:AAHonYJDOpWskt5QdgdvYe662dLuhtscDqw/sendMessage?chat_id=6370711846

Targets

    • Target

      04a71f87d4223328a0dbef5085168ff3710b488b68bca528de391d706e01cd5a.exe

    • Size

      785KB

    • MD5

      f01fb2c1ebde3213faeec8d171c0eed2

    • SHA1

      598d9ab017e0ac1bb65ba05b296c493426918ff8

    • SHA256

      04a71f87d4223328a0dbef5085168ff3710b488b68bca528de391d706e01cd5a

    • SHA512

      ea9665b513ddeac55944022570a62b310925fceffae15bccb1249b1f98066a0df47be1a10626404e9248260ad92365ba19ae53e41b4c220e327a7d880403afbc

    • SSDEEP

      12288:beYT2ytQFWKDvedwHtLYVm8x2ySv+zlv0O78wCtd9ao4:SXFbvedhmS2Xsum8rao

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Snakekeylogger family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks