Purchase_Order_11_19_20.exe

General

Target: Purchase_Order_11_19_20.exe
Size: 715KB
Sample: 201119-mjqrcb4cz2
Score: 10/10
MD5: e492155e4d4cab9522ef4144234c8069
SHA1: 97694934fc9e0caf9efb751e687ca7290f79ff2d
SHA256: 18d86210ca1721632ee4a17030313ca4c9f60aa0657d83a6cc576b9889558eef
SHA512: 094a8f459e10e20540cd0fc2f4cc8445aa7ac1b720eed0636fb8baf24cdda39a3f7b20b2e8d964bc6f2f15fd95847d721e77a1056594cd0d5ccd907c76812217

Malware Config

Extracted

Family: snakekeylogger
Credentials (exfiltration channel):
  Protocol: smtp
  Host: mail.zavidovici.ba
  Port: 587
  Username: opcina.zavidovici@zavidovici.ba
  Password: 12Opc21!

Signatures

  • Snake Keylogger
    Description: Keylogger and Infostealer first seen in November 2020.

  • Snake Keylogger Payload

  • Reads data files stored by FTP clients
    Description: Tries to access configuration files associated with programs like FileZilla.
    TTPs: Data from Local System; Credentials in Files

  • Reads user/profile data of local email clients
    Description: Email clients store some user data on disk where infostealers will often target it.
    TTPs: Data from Local System; Credentials in Files

  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials etc.
    TTPs: Data from Local System; Credentials in Files

  • Looks up external IP address via web service
    Description: Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

Related Tasks

Tasks: static1, behavioral1
Score: 10/10