Description
Keylogger and Infostealer first seen in November 2020.
Pick-Up Schedule.com
General
Target
Size
Sample
Pick-Up Schedule.com
751KB
210122-914vrrafm2
Score
10 /10
MD5
SHA1
SHA256
SHA512
d0d5e54bec67f0d0d382865d3cc7c688
b6eeb227349d15fd64ec30fc3888c2cc90b8fc13
207942189e81358c6fb92ad355747146ffa7465ba8563b178bdc6f57ae4e0afb
bb015d52d51de322ea07a34f772c79cb8af3b3a7cf0db8ad5214e7e983e3041ddc89a683b791dded835688191087e59775353fa067416a4a9b75484bf9d56c4c
Malware Config
Extracted
| Protocol | smtp |
| Host | smtp.yandex.com |
| Port | 587 |
| Username | smt.treat@yandex.com |
| Password | WyhjVTBX5hjrgu7 |
Targets
Target
MD5
Filesize
Pick-Up Schedule.com
d0d5e54bec67f0d0d382865d3cc7c688
751KB
Score
10 /10
SHA1
SHA256
SHA512
b6eeb227349d15fd64ec30fc3888c2cc90b8fc13
207942189e81358c6fb92ad355747146ffa7465ba8563b178bdc6f57ae4e0afb
bb015d52d51de322ea07a34f772c79cb8af3b3a7cf0db8ad5214e7e983e3041ddc89a683b791dded835688191087e59775353fa067416a4a9b75484bf9d56c4c
Tags
Signatures
-
Snake Keylogger
-
Snake Keylogger Payload
-
Drops startup file
-
Loads dropped DLL
-
Looks up external IP address via web service
Description
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates physical storage devices
Description
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Tags
TTPs
-
Suspicious use of SetThreadContext
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks