DOC-S09989.exe

Target

DOC-S09989.exe

Size

608KB

Sample

210121-6jnjmcggfx

Score

10 ^/10

MD5

30d51014bd7fcdf58947980ad56e12a9

SHA1

9b372303fc82f98c27b28083bdc234a4dfeaa3b5

SHA256

a46619353188d4f4391269c1e5b29ba8bc3bb0d476688f903af75dd2603f6e8d

SHA512

9cdbcd72ae9386ed2783a260580ea1e40f3191239e16876fff3100263cc2d1b65796f2e56fc6d0543fc9b1a87b7f96f635978436796f36a2a996c0bb0c359d14

Target

DOC-S09989.exe

MD5

30d51014bd7fcdf58947980ad56e12a9

Filesize

608KB

Score

10 ^/10

SHA1

9b372303fc82f98c27b28083bdc234a4dfeaa3b5

SHA256

a46619353188d4f4391269c1e5b29ba8bc3bb0d476688f903af75dd2603f6e8d

SHA512

9cdbcd72ae9386ed2783a260580ea1e40f3191239e16876fff3100263cc2d1b65796f2e56fc6d0543fc9b1a87b7f96f635978436796f36a2a996c0bb0c359d14

Signatures

Snake Keylogger

Description

Keylogger and Infostealer first seen in November 2020.

Tags

stealer keylogger snakekeylogger
Snake Keylogger Payload
Reads data files stored by FTP clients

Description

Tries to access configuration files associated with programs like FileZilla.

Tags

spyware

TTPs

Data from Local System Credentials in Files
Reads user/profile data of local email clients

Description

Email clients store some user data on disk where infostealers will often target it.

Tags

spyware

TTPs

Data from Local System Credentials in Files
Reads user/profile data of web browsers

Description

Infostealers often target stored browser data, which can include saved credentials etc.

Tags

spyware

TTPs

Data from Local System Credentials in Files
Looks up external IP address via web service

Description

Uses a legitimate IP lookup service to find the infected system's external IP.
Enumerates physical storage devices

Description

Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Tags

ransomware

TTPs

System Information Discovery
Suspicious use of SetThreadContext

Related Tasks

behavioral1 behavioral2

Collection

Data from Local System

Command and Control

Credential Access

Credentials in Files

Defense Evasion

Discovery

System Information Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Scheduled Task

Privilege Escalation

static1

behavioral1

snakekeylogger keylogger ransomware spyware stealer

10^/10

behavioral2

snakekeylogger keylogger ransomware spyware stealer

10^/10

Tags

Signatures

Snake Keylogger

Description

Tags

Snake Keylogger Payload

Reads data files stored by FTP clients

Description

Tags

TTPs

Reads user/profile data of local email clients

Description

Tags

TTPs

Reads user/profile data of web browsers

Description

Tags

TTPs

Looks up external IP address via web service

Description

Enumerates physical storage devices

Description

Tags

TTPs

Suspicious use of SetThreadContext

Related Tasks

static1

behavioral1

behavioral2