General

  • Target

    c46ec309dba61ffbeb74bacf4f54c969.exe

  • Size

    448KB

  • Sample

    210114-vzvva94cnn

  • MD5

    c46ec309dba61ffbeb74bacf4f54c969

  • SHA1

    33c01acc5e47638a25ec6d16a478ca088183d8c4

  • SHA256

    e96b94843af6cd39424813c798b678d7202015ea488ff88d7be4ceee0ddfe531

  • SHA512

    d6184f35fad278ab0b6074b7a0b0404e820574187a5ad7cb964ac0c4678216d43e40e278c59d5a6124472df6c489e6da87faef362ad5d1b688d04c84e9bfb61f

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    pro40.emailserver.vn
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Vexa@2013

Targets


    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger Payload

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Execution

    Scheduled Task (T1053): 1

  • Persistence

    Scheduled Task (T1053): 1

  • Privilege Escalation

    Scheduled Task (T1053): 1

Tasks