General

  • Target: 6762dd5d2f557b0ddd1ae3e6871146951ac24085644ca58713f438a62a069d1a
  • Size: 2.5MB
  • Sample: 241222-3pkc1sskfp
  • MD5: b72ca8ce3fc6dec37f0ff8ac2130ee5f
  • SHA1: 101b776cb78b7d9d85c14fece2161c006c438b83
  • SHA256: 6762dd5d2f557b0ddd1ae3e6871146951ac24085644ca58713f438a62a069d1a
  • SHA512: 7ff63719af204cb7787dd5f18e7c7ec1c0ba241f69340f81cc77218c1885ef6aee2a628b114a9da37e4656f649d965a307508c57019cfd1f50cb08d12389e815
  • SSDEEP: 49152:g1ohr/zzKt5qEfZTZHbQ91p7qXbyR/4QrDC/ZDwsPLo56+RKQ9SnmFJzLwn:gw/zzKt5qEfpZ67eyCwGbPLmBSnown

Malware Config

Extracted

  • Family: snakekeylogger
  • C2: https://api.telegram.org/bot7924749806:AAG-WJhqQVHwMR7UVUYahs5tVC-3tNXnruE/sendMessage?chat_id=7009913093

Targets

    • Target: hareketleriniz.exe
    • Size: 4.9MB
    • MD5: dd88e4c3f9247626b701977b7238e7a6
    • SHA1: 8a30ce8360570fca3b7b5913742466d06491cbf4
    • SHA256: fcdde52d79cc0b51fa86a39b6ebd16d007733b0466c71a8fec91b750817c8e13
    • SHA512: 9373dfb5925492230b944433c9d4292d09655cd3dd4f820857a7ebcc35fd37e0d44f8cc5f9067d7e894c964e86ae7b589e118fe4d2b4c3743765b9a216adf333
    • SSDEEP: 49152:FUXWOBwOnRw23SlF+E/XShBvG3SHFDuGpY0NAfdXsYx4nVvIwtDajQao9TDOrbhc:FUJwOnRd+ShBQGtHNU31nOiGR

    • Snake Keylogger
      Keylogger and infostealer first seen in November 2020.
    • Snake Keylogger payload
    • Snakekeylogger family
    • Accesses Microsoft Outlook profiles
    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks