General

  • Target

    9119a914907a0e257b420f2b500a85ab.exe

  • Size

    480KB

  • Sample

    210117-qpwhxv1lln

  • MD5

    9119a914907a0e257b420f2b500a85ab

  • SHA1

    20a24a50a06886d44faced1a80c51e5b477fc8bd

  • SHA256

    2394c4fb7bea229f3842aeb5d70bd61a42b2d93a8ed2054f35dd497370602e43

  • SHA512

    8c0ea5b815df947607f1b0749cf1eb9b079aeec924cb6914f900fcc6219ba4c06baf05902099f469de04536e92dbed87d21e2f646ccd27ed49a954d988567762

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    pro40.emailserver.vn
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Vexa@2013

Targets

    • Target

      9119a914907a0e257b420f2b500a85ab.exe

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger Payload

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      Rewrites another thread's register context; commonly used to redirect execution into injected code (process hollowing or similar injection).
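The two network behaviours this report records, the external IP lookup and the SMTP exfiltration channel from the extracted config, can be hunted directly in connection logs. The following is an added example written for this page, not part of the sandbox report or the malware family's own code: it takes the SMTP host and port from the "Malware Config" section above, and everything else (the Zeek-style log lines, the IP addresses, the resolved-hostname column, and the list of IP-lookup services) is constructed or assumed for illustration. Beyond flagging the single indicators, it correlates the stealer's lookup-then-send sequence per source host, which catches samples whose mail server differs from this one.

```python
"""Hunting the network behaviours listed in this report over constructed logs.

Added example, not part of the sandbox report.  The SMTP host/port come from the
report's extracted config; every log line, IP address and IP-lookup hostname
below is constructed or assumed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass

# From the "Malware Config" section of this report.
SMTP_C2 = {"host": "pro40.emailserver.vn", "port": 587}

# Assumption: services this family is known to query; the report does not say
# which one this sample used.
IP_LOOKUP_HOSTS = {
    "checkip.dyndns.org",
    "api.ipify.org",
    "icanhazip.com",
    "ipinfo.io",
    "checkip.amazonaws.com",
}

# Constructed Zeek-style conn log with an extra resolved-hostname column
# (hypothetical; a real pipeline would join conn.log with dns.log or ssl.log).
# Fields: ts, uid, src, sport, dst, dport, proto, service, host
CONN_LOG = """\
1610900000.1\tC1\t10.0.0.5\t49152\t203.0.113.20\t80\ttcp\thttp\tcheckip.dyndns.org
1610900002.5\tC2\t10.0.0.5\t49153\t203.0.113.40\t587\ttcp\tsmtp\tpro40.emailserver.vn
1610900003.0\tC3\t10.0.0.7\t49200\t198.51.100.9\t443\ttcp\tssl\twww.example.com
1610900004.2\tC4\t10.0.0.9\t49300\t198.51.100.25\t587\ttcp\tsmtp\tsmtp.example.net
1610900500.0\tC5\t10.0.0.9\t49301\t203.0.113.20\t80\ttcp\thttp\tapi.ipify.org
"""


@dataclass(frozen=True)
class Alert:
    uid: str
    src: str
    rule: str
    detail: str


def parse_conn_log(text: str) -> list[dict]:
    """Parse the tab-separated log into dicts; skips blank and comment lines."""
    rows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, uid, src, sport, dst, dport, proto, service, host = line.split("\t")
        rows.append({
            "ts": float(ts), "uid": uid, "src": src, "sport": int(sport),
            "dst": dst, "dport": int(dport), "proto": proto,
            "service": service, "host": host.lower(),
        })
    return rows


def hunt(rows: list[dict], smtp_c2: dict = SMTP_C2,
         lookup_hosts: set[str] = IP_LOOKUP_HOSTS) -> list[Alert]:
    """Flag single-connection indicators: IP-lookup service use and the
    extracted SMTP exfiltration server."""
    alerts = []
    for r in rows:
        if r["host"] in lookup_hosts:
            alerts.append(Alert(r["uid"], r["src"], "external_ip_lookup", r["host"]))
        if r["host"] == smtp_c2["host"].lower() and r["dport"] == smtp_c2["port"]:
            alerts.append(Alert(r["uid"], r["src"], "snake_keylogger_smtp_c2",
                                f'{r["host"]}:{r["dport"]}'))
    return alerts


def correlate(rows: list[dict], window: float = 60.0) -> list[str]:
    """Sources that queried an IP-lookup service and then opened an SMTP
    submission (587) connection within `window` seconds: the stealer's
    lookup-then-exfiltrate pattern, independent of the mail host used."""
    lookups, smtp = defaultdict(list), defaultdict(list)
    for r in rows:
        if r["host"] in IP_LOOKUP_HOSTS:
            lookups[r["src"]].append(r["ts"])
        elif r["service"] == "smtp" and r["dport"] == 587:
            smtp[r["src"]].append(r["ts"])
    hits = []
    for src, lookup_times in lookups.items():
        if any(0 <= s - l <= window
               for l in lookup_times for s in smtp.get(src, [])):
            hits.append(src)
    return sorted(hits)


if __name__ == "__main__":
    rows = parse_conn_log(CONN_LOG)
    for alert in hunt(rows):
        print(alert)
    print("lookup-then-SMTP sources:", correlate(rows))
```

In the constructed log, 10.0.0.5 trips both the IP-lookup rule and the SMTP server rule, and the correlation finds it because the lookup precedes the SMTP session by seconds; 10.0.0.9 also talks to an IP-lookup service and to a mail server, but in the wrong order and minutes apart, so it is not correlated. Tune the window to the interval observed in your own detonations of the sample.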

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution: Scheduled Task (T1053), 1 matching signature

  • Persistence: Scheduled Task (T1053), 1 matching signature

  • Privilege Escalation: Scheduled Task (T1053), 1 matching signature
