Description
Keylogger and Infostealer first seen in November 2020.
a569143fb486224eafbd810733838c53.exe
General
Target
Size
Sample
a569143fb486224eafbd810733838c53.exe
988KB
210121-sz6ensrm8a
Score
10 /10
MD5
SHA1
SHA256
SHA512
a569143fb486224eafbd810733838c53
69cfb0ef26c1ee25590453cb5531e5fec347de04
10e0e68a368fcfca75516ac7814e87a388ff5047964a0501a3cb75d9330b3eb8
67f60a853a016d47ec8a58f46abcae6dd102304db907478d589d5388a7b684b8b4779d7dbe9cb0d2dc9ab48c4902f8d48d35dff31cc0405796d38ba084199b8e
Malware Config
Extracted
| Protocol | smtp |
| Host | pro40.emailserver.vn |
| Port | 587 |
| Username | vexa@itpc.gov.vn |
| Password | Vexa@2013 |
Targets
Target
MD5
Filesize
a569143fb486224eafbd810733838c53.exe
a569143fb486224eafbd810733838c53
988KB
Score
10 /10
SHA1
SHA256
SHA512
69cfb0ef26c1ee25590453cb5531e5fec347de04
10e0e68a368fcfca75516ac7814e87a388ff5047964a0501a3cb75d9330b3eb8
67f60a853a016d47ec8a58f46abcae6dd102304db907478d589d5388a7b684b8b4779d7dbe9cb0d2dc9ab48c4902f8d48d35dff31cc0405796d38ba084199b8e
Tags
Signatures
-
Snake Keylogger
-
Snake Keylogger Payload
-
Reads data files stored by FTP clients
Description
Tries to access configuration files associated with programs like FileZilla.
Tags
TTPs
-
Reads user/profile data of local email clients
Description
Email clients store some user data on disk where infostealers will often target it.
Tags
TTPs
-
Reads user/profile data of web browsers
Description
Infostealers often target stored browser data, which can include saved credentials etc.
Tags
TTPs
-
Looks up external IP address via web service
Description
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks