General

  • Target

    872034d11ff4f9fa7af4212ef951e835a6a63cf3fbf59da60d22af84b3d94c99.exe

  • Size

    545KB

  • Sample

    241210-p3q6ts1kgk

  • MD5

    3cc7edfcd93bac94239fa43aafb1af52

  • SHA1

    98bd9aa9c997705f70e6a3483b95390835e66157

  • SHA256

    872034d11ff4f9fa7af4212ef951e835a6a63cf3fbf59da60d22af84b3d94c99

  • SHA512

    f01fe46aa7e41b708b247c2e76e1de2a523ddc801b73edbdee88ad9efff0f7b5d1030b165aba59973fbaebb369203adc1290e28794dbcde40f9425784106f92a

  • SSDEEP

    12288:NquErHF6xC9D6DmR1J98w4oknqOOCyQfZYQignEMlsFqqYJiWn1B:wrl6kD68JmlotQfZsgnEHPWn1B

Malware Config

Extracted

  • Family

    snakekeylogger

  • C2

    https://api.telegram.org/bot1628099890:AAEoyPqXzUZV0NK78yRGbDMLJqRw0vcASbg/sendMessage?chat_id=1217600190

Targets

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Snakekeylogger family

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
