General

  • Target: dekontu.exe
  • Size: 1009KB
  • Sample: 241206-t2368awraz
  • MD5: 5758229f9353e837db35d9556f8c30cb
  • SHA1: 424e24f9de8e1c014d19772ec4c052820c3e36e4
  • SHA256: 9cf2882c93d6ab624569666974837d2f910412e2e5fcd66f62e655a7448bc693
  • SHA512: bc807007ff2fb7559345310456a81dade83bfe925c7aa896a46d9394124c531adfe9ef387a7cb94c5d3788d4bac1669131d4884725163b1f94e29b760fe97874
  • SSDEEP: 24576:zu6J33O0c+JY5UZ+XC0kGso6FaDBSRT8n7LvoAWY:du0c++OCvkGs9FaDBSRTgXvSY

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7525931722:AAHv5VReYz4Tdv44qTVu1nWYViZknndh3TU/sendMessage?chat_id=7361435574

Targets

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Snakekeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks