Pick-Up Schedule.com

General
Target

Pick-Up Schedule.com

Size

751KB

Sample

210122-914vrrafm2

Score

10/10

MD5

d0d5e54bec67f0d0d382865d3cc7c688

SHA1

b6eeb227349d15fd64ec30fc3888c2cc90b8fc13

SHA256

207942189e81358c6fb92ad355747146ffa7465ba8563b178bdc6f57ae4e0afb

SHA512

bb015d52d51de322ea07a34f772c79cb8af3b3a7cf0db8ad5214e7e983e3041ddc89a683b791dded835688191087e59775353fa067416a4a9b75484bf9d56c4c

Malware Config

Extracted

Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: smt.treat@yandex.com
Password: WyhjVTBX5hjrgu7

Signatures

  • Snake Keylogger

    Description

    Keylogger and Infostealer first seen in November 2020.

  • Snake Keylogger Payload

  • Drops startup file

  • Loads dropped DLL

  • Looks up external IP address via web service

    Description

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Enumerates physical storage devices

    Description

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

    TTPs

    System Information Discovery

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Columns: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1

behavioral2

Score 10/10