Overview

overview

10

Static

static

5

New Order.exe

windows7-x64

10

New Order.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    New Order.exe

  • Size

    1.1MB

  • Sample

    250205-kdlslazncp

  • MD5

    1380e9e930dedba3e829d5c47c80b148

  • SHA1

    5213b0848a5d2d2ba307d96dd7874cde05d86256

  • SHA256

    36d1c3097e2cf1d4859d9c1145fe80d1329d8785696326ce62b2196c41b9e97c

  • SHA512

    4309a2599f47361545e58fc9ed5000538e9bec279637bd34f2926e7aaed6566419ac377dba8e1618bebc1957b4933566f71e85e76ef07124de6460cf15d22ed7

  • SSDEEP

    24576:MAHnh+eWsN3skA4RV1Hom2KXFmIaXA9x7GJU6w/w8CO4bX7w5:rh+ZkldoPK1XaXix7GJp5Fb6

Score
10/10
snakekeyloggercollectiondiscoverykeyloggerstealer

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot8152393919:AAFcv9D2OhgJkwW5R_jm9t4Pm6asb_5vQdk/sendMessage?chat_id=1437092720

Targets

    • Target

      New Order.exe

    • Size

      1.1MB

    • MD5

      1380e9e930dedba3e829d5c47c80b148

    • SHA1

      5213b0848a5d2d2ba307d96dd7874cde05d86256

    • SHA256

      36d1c3097e2cf1d4859d9c1145fe80d1329d8785696326ce62b2196c41b9e97c

    • SHA512

      4309a2599f47361545e58fc9ed5000538e9bec279637bd34f2926e7aaed6566419ac377dba8e1618bebc1957b4933566f71e85e76ef07124de6460cf15d22ed7

    • SSDEEP

      24576:MAHnh+eWsN3skA4RV1Hom2KXFmIaXA9x7GJU6w/w8CO4bX7w5:rh+ZkldoPK1XaXix7GJp5Fb6

    Score
    10/10
    snakekeyloggercollectiondiscoverykeyloggerstealer

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

      stealerkeyloggersnakekeylogger

    • Snake Keylogger payload

    • Snakekeylogger family

      snakekeylogger

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks