IMG_9501.EXE

General
Target

IMG_9501.EXE

Size

1MB

Sample

210122-q7gdfp8qcx

Score
10 /10
MD5

e3d9793d14ec64e2398c709a3483c212

SHA1

6a86e4ecd6529345e29fb461b59787a7560f4865

SHA256

14dc0be4a9f52bb8c9614621b4d521ed56592dcde2483b6ff099d061bcb7cada

SHA512

f3c0a8818fcc5bb09bd76fad45d49bb7af155e5c77bb58aac66323efb71c0a4853813c3ef964694e1b8df3e325a0602ec683f478a575616947a7624b8406128f

Malware Config
Targets
Target

IMG_9501.EXE

MD5

e3d9793d14ec64e2398c709a3483c212

Filesize

1MB

Score
10 /10
SHA1

6a86e4ecd6529345e29fb461b59787a7560f4865

SHA256

14dc0be4a9f52bb8c9614621b4d521ed56592dcde2483b6ff099d061bcb7cada

SHA512

f3c0a8818fcc5bb09bd76fad45d49bb7af155e5c77bb58aac66323efb71c0a4853813c3ef964694e1b8df3e325a0602ec683f478a575616947a7624b8406128f

Tags

Signatures

  • Snake Keylogger

    Description

    Keylogger and Infostealer first seen in November 2020.

    Tags

  • Snake Keylogger Payload

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of local email clients

    Description

    Email clients store some user data on disk where infostealers will often target it.

    Tags

    TTPs

    Data from Local System Credentials in Files
  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local System Credentials in Files
  • Adds Run key to start application

    Tags

    TTPs

    Registry Run Keys / Startup Folder Modify Registry
  • Looks up external IP address via web service

    Description

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Enumerates physical storage devices

    Description

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

    Tags

    TTPs

    System Information Discovery
  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Command and Control
    Credential Access
    Defense Evasion
    Execution
      Exfiltration
        Impact
          Initial Access
            Lateral Movement
              Privilege Escalation