General

  • Target: 76305_529772_20250121_09114163_HesapOzeti.r00
  • Size: 470KB
  • Sample: 250219-r4ekjavj15
  • MD5: 1c8f2e0cb398f99d42dd6927e0e0a159
  • SHA1: d9bdc06e2ba640acaa5f050fa0f746a72665c38f
  • SHA256: db536ddf7a23c75d4dad62f8811a66c798f07ae0f073b5af4e857d29d005c964
  • SHA512: dd93369d8bc475a97ddc01f7c13ff2b25973e7abe7f6440e41e9cb5bd3f8fc7a35e3bb6e527087865fac72db2130b72417554788de5cd3c0ce7d360bd2e36a0d
  • SSDEEP: 12288:v6qdexVVQlgSE+pluxh50HpHM9agzsZjTu32p:v6yex3QlgsCUstsZ3u30

Malware Config

Extracted

  • Family: snakekeylogger
  • C2: https://api.telegram.org/bot8072652241:AAGrRqUJL258aFVTgjkx7BTS5H-oihM0X1c/sendMessage?chat_id=6557702940

Targets

    • Target: 16305529772_20250121_09114163_HesapOzeti.exe
    • Size: 956KB
    • MD5: c3dc7729bda258183f460352e5a99027
    • SHA1: db8a673d5fa15345fd10cfe17425dd98a8b7ad81
    • SHA256: d6567fa93426f5c3dbb9106264bd6614c88b452c8e8137b564f6c0a71caa166b
    • SHA512: 46d2474cece4cae4f48a4ea68aa61c9497c9473f3a3647cc45eaf41f9802fb56a2276aabf29a9e876753920e758c9a1ba83405977b16f36b04d132e2797117ca
    • SSDEEP: 24576:fu6J33O0c+JY5UZ+XC0kGso6FaOdo93ZVWY:pu0c++OCvkGs9FaOdseY

    • Snake Keylogger: Keylogger and infostealer first seen in November 2020.
    • Snake Keylogger payload
    • Snakekeylogger family
    • Accesses Microsoft Outlook profiles
    • Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks