General
-
Target
AWB_5771388044ShippingDocuments.exe
-
Size
945KB
-
Sample
250212-hj6nva1mcp
-
MD5
1f1533809fc5e519a2c0ed71fcc8fef6
-
SHA1
559102913d846fe1f3042d6c705de207ad412aec
-
SHA256
83e24368dec559238ef435c59635d6e259157f415edad801f904767e3c517687
-
SHA512
73df594176249c02be3ef8dbca1bb954a86ac9d2bfc8884edc69845924cc03b41569153300c0ff717f25f4486406657dab737e20ae65cdf6485191593c86a048
-
SSDEEP
24576:pu6J33O0c+JY5UZ+XC0kGso6Fa/raGseMWY:Lu0c++OCvkGs9Fa/rzY
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot8123813718:AAE7xhJKgiVtPaoPZCfcx9AxRJoEs0MjRtc/sendMessage?chat_id=7607163233
Targets
-
-
Target
AWB_5771388044ShippingDocuments.exe
-
Size
945KB
-
MD5
1f1533809fc5e519a2c0ed71fcc8fef6
-
SHA1
559102913d846fe1f3042d6c705de207ad412aec
-
SHA256
83e24368dec559238ef435c59635d6e259157f415edad801f904767e3c517687
-
SHA512
73df594176249c02be3ef8dbca1bb954a86ac9d2bfc8884edc69845924cc03b41569153300c0ff717f25f4486406657dab737e20ae65cdf6485191593c86a048
-
SSDEEP
24576:pu6J33O0c+JY5UZ+XC0kGso6Fa/raGseMWY:Lu0c++OCvkGs9Fa/rzY
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Snakekeylogger family
-
Downloads MZ/PE file
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-