Description
Keylogger and Infostealer first seen in November 2020.
Sale_Contract.com.exe
General
Target
Size
Sample
Sale_Contract.com.exe
834KB
210121-d4qczq1dds
Score
10 /10
MD5
SHA1
SHA256
SHA512
82da026cdda027fa16a19d91794c5f9e
354c3df735d48efaba85680367a1bcb8af5e1c7d
f8d16a2a7da4ed223329f2bb59f3e0296b6e3b36dee8f7e40a4c0d276a83032d
d96994ca3f771a7e31ef7abfdb27526fd8a5c30e18255a2457831d70fdec9e9b4017c3e977de2a1c801112cd450eff7140642d45d527378e4bc6e6c1ba2ca9af
Malware Config
Extracted
| Protocol | smtp |
| Host | smtp.yandex.com |
| Port | 587 |
| Username | smt.treat@yandex.com |
| Password | WyhjVTBX5hjrgu7 |
Targets
Target
MD5
Filesize
Sale_Contract.com.exe
82da026cdda027fa16a19d91794c5f9e
834KB
Score
10 /10
SHA1
SHA256
SHA512
354c3df735d48efaba85680367a1bcb8af5e1c7d
f8d16a2a7da4ed223329f2bb59f3e0296b6e3b36dee8f7e40a4c0d276a83032d
d96994ca3f771a7e31ef7abfdb27526fd8a5c30e18255a2457831d70fdec9e9b4017c3e977de2a1c801112cd450eff7140642d45d527378e4bc6e6c1ba2ca9af
Tags
Signatures
-
Snake Keylogger
-
Snake Keylogger Payload
-
Drops startup file
-
Looks up external IP address via web service
Description
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates physical storage devices
Description
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Tags
TTPs
-
Suspicious use of SetThreadContext
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks