General

  • Target

    36b641ba0f1f45fc6bb9c6fb4f74b2a07318b5f4a420d9fbe9b59e1ac2ce3bc4.exe

  • Size

    959KB

  • Sample

    241224-dtvxwazrg1

  • MD5

    7d142eb549dacdfc9c357f482d5bf921

  • SHA1

    57ef6110732b2d91f90c785a3fbba4a0112cdc87

  • SHA256

    36b641ba0f1f45fc6bb9c6fb4f74b2a07318b5f4a420d9fbe9b59e1ac2ce3bc4

  • SHA512

    77d59910817caeaa0f8b10d46fb9cf849784d98550040fa6c97a65cbc5a13207f8e8c83edc60608ff5ffba61061704ca5ecfe8c7f01961ddd5dfc987994e26b1

  • SSDEEP

    12288:yCdOy3vVrKxR5CXbNjAOxK/j2n+4YG/6c1mFFja3mXgcjfRlgsUBga1Tc4lB6e8X:yCdxte/80jYLT3U1jfsWahT76bzZJoQ

Malware Config

Extracted

  • Family

    snakekeylogger

  • C2

    https://api.telegram.org/bot7535953552:AAEceAC130pKqikyDX9W3q553FopjnWE5ro/sendMessage?chat_id=1981459653

Targets

    • Target

      36b641ba0f1f45fc6bb9c6fb4f74b2a07318b5f4a420d9fbe9b59e1ac2ce3bc4.exe

    • Size

      959KB

    • MD5

      7d142eb549dacdfc9c357f482d5bf921

    • SHA1

      57ef6110732b2d91f90c785a3fbba4a0112cdc87

    • SHA256

      36b641ba0f1f45fc6bb9c6fb4f74b2a07318b5f4a420d9fbe9b59e1ac2ce3bc4

    • SHA512

      77d59910817caeaa0f8b10d46fb9cf849784d98550040fa6c97a65cbc5a13207f8e8c83edc60608ff5ffba61061704ca5ecfe8c7f01961ddd5dfc987994e26b1

    • SSDEEP

      12288:yCdOy3vVrKxR5CXbNjAOxK/j2n+4YG/6c1mFFja3mXgcjfRlgsUBga1Tc4lB6e8X:yCdxte/80jYLT3U1jfsWahT76bzZJoQ

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Snakekeylogger family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks