General

  • Target

    INVO_0000765346700.exe

  • Size

    831KB

  • Sample

    210121-wf1nvmn2ye

  • MD5

    0e7ba71841d588d386f72ce5a9db1ac4

  • SHA1

    f83eb0821ef7a56b4dbc10b1baa46be3d1c966a0

  • SHA256

    7484614b3839b55e6b0ec7c80032f01aa650cd6ed11ea08f10e3438f0c6810eb

  • SHA512

    60e7c492316fb2c8e524579c7721d4903dde9f09e53bce39e9456158c76cea21c430642ebb4cbc6bf308b96efae41564e45e707970f46dc15cc838c07208093b

Targets

    • Target

      INVO_0000765346700.exe

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger Payload

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
