General

  • Target

    40d966464cd7ad55d8ed44d2dd1208d72a85425b360934aa47abaa4df58623da

  • Size

    2.5MB

  • Sample

    241220-rj9vyaxrhq

  • MD5

    f8a07a5919711a1374bb479d9ffea82e

  • SHA1

    3fe2c88c19abaf5e03d07dc5a58951c9a9ddd7e2

  • SHA256

    40d966464cd7ad55d8ed44d2dd1208d72a85425b360934aa47abaa4df58623da

  • SHA512

    a3036980f355d368014c7c9c61e6e3ed3d6261d36a7f8215ca1386fd83cfaf5030c536fc6b90edc51ced3255d66dfdd4fea1fca10ce208e4615c2c2f7a0fa7e8

  • SSDEEP

    49152:qKQ9dy4x8NXwkGOfEO0W8HGUnw8oyxNQBapXxNWeNy5ra8xRVT:q3+6oXwNOfEFWxUZoyxNQByNNaRVT

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7924749806:AAG-WJhqQVHwMR7UVUYahs5tVC-3tNXnruE/sendMessage?chat_id=7009913093

Targets

    • Target

      hareketleriniz.exe

    • Size

      4.9MB

    • MD5

      3f0aa4d50657a6d3d4c9fef1ec75d02e

    • SHA1

      d345f158ed80e33425c2f948b5110be810a13e59

    • SHA256

      c1580e67c99a2ea0c669cdf47afd9796b9222250da206b70403a2f0bba9e1564

    • SHA512

      66b713afe613941f7b73a636049a82e8411cb1baaf3596d43d49fa359252badfcbdf9129240c2d755d84df5a7f7290bf664e2f9d8eae9a25f863aa2b508f7c6d

    • SSDEEP

      49152:V/nG41Q+Ue+S3SlFYZ/bOvNR6DXhdboT3Y0hoApjq9vnUiQagE1gvaV6H5Oi88DX:V/e+UeRBGyJcLfrolLtaOjNsFX

    • Snake Keylogger

      Keylogger and infostealer first seen in November 2020. This sample exfiltrates over the Telegram Bot API (see the C2 URL under Malware Config), which is why the bot token and chat_id are the operator-identifying indicators here.

    • Snake Keylogger payload

    • Snakekeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP. The request itself is benign, so detections should key on the originating process (here hareketleriniz.exe) rather than on the destination host.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the register state of a thread in another process; outside debuggers it is most often seen when an injector redirects the entry point of a suspended process (process hollowing / thread hijacking). The sandbox flags the call, not the injected payload, so pair this with the parent/child process tree when triaging.
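The two network indicators in this report (the Telegram Bot API C2 under Malware Config and the external IP lookup flagged above) are what a responder would want to extract and hunt for. The following Python is an added example, not the sandbox's own code: it parses a Telegram bot C2 URL into bot_id, secret and chat_id, hashes the token so the IOC can be shared without distributing a usable credential, and runs that logic plus a host watchlist over a few constructed proxy log lines. The token, chat_id and log lines below are made-up placeholders, the log format is assumed, and the IP-lookup host list is an assumed watchlist rather than something the report states.

```python
import hashlib
import re
from urllib.parse import urlparse, parse_qs

# Telegram bot tokens look like "<numeric bot id>:<~35-char secret>" and sit
# in the URL path as /bot<token>/<method>. The secret length bound is loose
# on purpose so the parser does not miss slightly different token formats.
TELEGRAM_BOT_RE = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{30,})/(?P<method>[A-Za-z]+)$"
)

# Methods that carry data out of the victim; other methods (getMe, getUpdates)
# are still bot-API use but not exfiltration by themselves.
EXFIL_METHODS = {"sendMessage", "sendDocument", "sendPhoto"}

# Assumed watchlist of public "what is my IP" services; extend to taste.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "ip-api.com", "ipinfo.io"}


def parse_telegram_c2(url):
    """Split a Telegram Bot API URL into operator-identifying parts, or None."""
    u = urlparse(url)
    if u.hostname != "api.telegram.org":
        return None
    m = TELEGRAM_BOT_RE.match(u.path)
    if not m:
        return None
    chat_id = parse_qs(u.query).get("chat_id", [None])[0]
    token = f"{m['bot_id']}:{m['secret']}"
    return {
        "bot_id": m["bot_id"],
        "method": m["method"],
        "chat_id": chat_id,
        # Share the hash, not the token: the raw token is a live credential
        # for the attacker's bot and should not travel in threat-intel feeds.
        "token_sha256": hashlib.sha256(token.encode()).hexdigest(),
    }


def classify_request(process, url):
    """Label one outbound request as exfil, bot-API use, IP lookup, or None."""
    c2 = parse_telegram_c2(url)
    if c2:
        label = "telegram_bot_exfil" if c2["method"] in EXFIL_METHODS else "telegram_bot_api"
        return (label, process, c2)
    host = urlparse(url).hostname or ""
    if host in IP_LOOKUP_HOSTS:
        return ("external_ip_lookup", process, {"host": host})
    return None


# Constructed proxy log: "<timestamp> <process> <verb> <url>". The token and
# chat_id are placeholders, not the values from the report.
SAMPLE_PROXY_LOG = """\
2024-12-20T14:02:11Z hareketleriniz.exe GET http://checkip.dyndns.org/
2024-12-20T14:02:13Z hareketleriniz.exe POST https://api.telegram.org/bot1234567890:AAFakeTokenForExampleOnly_0123456789a/sendMessage?chat_id=1111111111
2024-12-20T14:02:15Z chrome.exe GET https://api.telegram.org/bot1234567890:AAFakeTokenForExampleOnly_0123456789a/getMe
2024-12-20T14:03:00Z outlook.exe GET https://outlook.office365.com/owa/
"""


def scan_log(text):
    """Return the list of findings for every line of a proxy log."""
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        _ts, process, _verb, url = line.split(maxsplit=3)
        finding = classify_request(process, url)
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for label, process, detail in scan_log(SAMPLE_PROXY_LOG):
        print(label, process, detail)
```

The chat_id is the most stable pivot: an operator usually rotates tokens but keeps receiving in the same chat, so hunting for `chat_id=<value>` in proxy logs catches re-tooled builds. Querying `getMe` with the token to learn the bot's username is a real triage step, but it touches attacker infrastructure and is deliberately left out of this offline example.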

MITRE ATT&CK Enterprise v15
