INVO_0000765346700.exe

General
Target

INVO_0000765346700.exe

Size

831KB

Sample

210121-wf1nvmn2ye

Score

10/10
MD5

0e7ba71841d588d386f72ce5a9db1ac4

SHA1

f83eb0821ef7a56b4dbc10b1baa46be3d1c966a0

SHA256

7484614b3839b55e6b0ec7c80032f01aa650cd6ed11ea08f10e3438f0c6810eb

SHA512

60e7c492316fb2c8e524579c7721d4903dde9f09e53bce39e9456158c76cea21c430642ebb4cbc6bf308b96efae41564e45e707970f46dc15cc838c07208093b

Signatures

  • Snake Keylogger

    Description

    Keylogger and Infostealer first seen in November 2020.

  • Snake Keylogger Payload

  • Looks up external IP address via web service

    Description

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

  • static1

  • behavioral1: 10/10

  • behavioral2: 10/10