General

  • Target

    18022025_1649_18022025_AWB_5771388044Versanddokumente.zipx

  • Size

    1014KB

  • Sample

    250218-ve5l7stqek

  • MD5

    c092063aa4d50c9b78fba84d867807ed

  • SHA1

    c7c40356be143c1f5c5b8b92108d12c31e8a7dc0

  • SHA256

    305080fb0481e655ab2864db11700b4b704ef40e3784548b599ce58f584ae232

  • SHA512

    9f05b28eb0343d035abdd66308f04d26be15c5a4ccb63159bb9a6e0b80bf8aaac3c23a638d751df86070cb03c2e415910144e5beea291eed34f70e363ed61f83

  • SSDEEP

    24576:Nu6J33O0c+JY5UZ+XC0kGso6FaPPKe8QWY:/u0c++OCvkGs9FaPyY

Malware Config

Extracted

  • Family

    snakekeylogger

  • C2

    https://api.telegram.org/bot8123813718:AAE7xhJKgiVtPaoPZCfcx9AxRJoEs0MjRtc/sendMessage?chat_id=7607163233

Targets

    • Target

      AWB_5771388044 Versanddokumente.exe

    • Size

      952KB

    • MD5

      15e2ffa4a2f8b42d5c133d26fac916d2

    • SHA1

      daab3c2bc5e78e8b09223129f267a302565063a1

    • SHA256

      9f0621c4cf15fa307280544219cc5ec4a18385aabb987e4ae24fb3d242f4636c

    • SHA512

      aa9acef205ae1b9191ea99144b13de280c3a951f99850a82f5a7034e4fc6ee93cd3f2e6f56a7d395dc546c71fddfe5104c3e379b96aa4de1050042a7b5b4b585

    • SSDEEP

      24576:vu6J33O0c+JY5UZ+XC0kGso6FaPPKe8QWY:Zu0c++OCvkGs9FaPyY

    • Snake Keylogger

      Keylogger and infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Snakekeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks