General

  • Target

    1d1dca99dcade53932e9f73158aecc0e73ea274a1c05d3cb7005a34d3957af23.7z

  • Size

    510KB

  • Sample

    250219-c6g14sxjy4

  • MD5

    75f22ca0711f7a912b28c50cf15b08a5

  • SHA1

    be4cf31ffd6f6e6629581512dcbd09646fc1db0c

  • SHA256

    1d1dca99dcade53932e9f73158aecc0e73ea274a1c05d3cb7005a34d3957af23

  • SHA512

    bfc2ea7abbf5d367127ad553152f02ce2451b4b94c69c2111370a09ef4ca5eec380735319f96ce8cecf3bb4aedcf852308d9e7c5ba4a756ef24e5f01e7850062

  • SSDEEP

    12288:dRwzxK9q4FdbxRXdFzPFwPiYj4wHU/iZmRNsVT+mqPx6N6Kk+ycR/0woWpa:d6zxK9q4F5jNwPiYjaNN6TUp6Nrk/MZa

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7465931215:AAEEB2buL-YODXHMy33u4S1TgD90QPF6Te0/sendMessage?chat_id=7519150590

Targets

    • Target

      beenieT.exe

    • Size

      627KB

    • MD5

      01adfbc94da06851348026ba175876f4

    • SHA1

      afab7627513aeab150cb27609e2ee3ddf3062c8e

    • SHA256

      027704a79bc8bc9533c0d2d20c15ff824be56a280512e2305ac66dea22e91f70

    • SHA512

      93dc93dcd9d87afc731258aaedb999776dcbe5421116f9ad71dae54f9ec8ccfaca02c80a212a04d16391f4ed6530b5f46c4554ada935d940b0f2fe163a174771

    • SSDEEP

      12288:6xgmXcBFdytRXdvtaFFPiYK41HU/iZqRNyVTZlqPxUN6Kk+ycR/3w2FirEukR:uZAFQnmFPiYKJZNcTipUNrk/92Qk

    • Snake Keylogger

      Keylogger and infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Snakekeylogger family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks