General

  • Target: 0742d441e028c5833d9da411c05e8494179d1ea34d1b7be02062664635eb9460
  • Size: 554KB
  • Sample: 241209-x3km2sxrew
  • MD5: 221ee315a3553900d8ad8dc4df0fe8bc
  • SHA1: 931494f2ba4148045c19006d1d5540ccb877d74b
  • SHA256: 0742d441e028c5833d9da411c05e8494179d1ea34d1b7be02062664635eb9460
  • SHA512: e8c6ccbb9b2480ff6493c576fa6b286f3f2a924dd1e7b5b2dd84d5c81070a7e20f61396a4d3323ee12bb193cb42b211c6983e806a948c7acd65826755cd0d864
  • SSDEEP: 12288:xhPA72TQ9GEF5QH5/ptMOW1T2eOsb7M78Xvi1yrH0FtcU8:xho72TQ0EvAbW1T2exRSyrHZ

Malware Config

Extracted

  • Family: snakekeylogger
  • C2: https://api.telegram.org/bot7125297965:AAFl6eQAjxqGeAfWHpfHbGAtADDAZUyFidM/sendMessage?chat_id=6367688286

Targets

    • Target: doc22042119500.pdf.exe
    • Size: 1.0MB
    • MD5: 70f47b02d8f79ac207da3ee5d4eac29f
    • SHA1: a170afcbce17ab9471069728d88dc2a1f9229cd5
    • SHA256: 3bea986bab8cae3a2a1f7ccb0cd948a4c72cd6ea55b7169948594f6c64f2f5ad
    • SHA512: 39f2470c2f3b7865227777e5182d5c34660b247824dae39eced2800c9873e87380ca935b4fdd63221bd408c57cd43d46a56abd047b2effa9bed63f59a2f7e227
    • SSDEEP: 24576:Gu6J33O0c+JY5UZ+XC0kGso6FamBSyrDRFCgWY:Iu0c++OCvkGs9Fam0ypWY
    • Snake Keylogger
      Keylogger and infostealer first seen in November 2020.
    • Snake Keylogger payload
    • Snakekeylogger family
    • Accesses Microsoft Outlook profiles
    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks