General

  • Target

    000909000000000000.exe

  • Size

    587KB

  • Sample

    210118-c9pjcpf1nj

  • MD5

    db728ca63b516164bff44c2374a24c81

  • SHA1

    3d602e1ee511c52dc56c47e9f9430d73384751cf

  • SHA256

    7976634e38ef319a5d9cab0aa72ed0d8a4ec71ea6449b2f6ee41565828d2f3ca

  • SHA512

    850b13d709460be7d5bd00d725bbad3d6cef0191fb74d74130194aa8d997440a5ea2d8c16a43f25d306a6876ef2c98197e41258be5784d4eb94cce8d6519c539

Targets

    • Target

      000909000000000000.exe

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger Payload

    • Drops startup file

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
