Overview

overview

10

Static

static

Due Invoic...20.exe

windows7_x64

10

Due Invoic...20.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Due Invoices for 2020.exe

  • Size

    739KB

  • Sample

    210127-la9vtlxks6

  • MD5

    e93485dbb2ff29e594629293f850914f

  • SHA1

    2c79c97cbf9fcb3e1859f4d89b1d0c8e26e03822

  • SHA256

    0b32f0d8ef0ef999d370afa5a8d00a176c5335ccc69ea4370a20df9ee14616ef

  • SHA512

    3b040a07bce553390de45342a711449771e65b25e6d7acf55daf01134b9b2e0fcc56dd5f9621dc422f8b5a1096fc45c71540610fd761ec32bedf0b5f710d3b15

Score
10/10
snakekeyloggerkeyloggerransomwarestealer

Malware Config

Targets

    • Target

      Due Invoices for 2020.exe

    • Size

      739KB

    • MD5

      e93485dbb2ff29e594629293f850914f

    • SHA1

      2c79c97cbf9fcb3e1859f4d89b1d0c8e26e03822

    • SHA256

      0b32f0d8ef0ef999d370afa5a8d00a176c5335ccc69ea4370a20df9ee14616ef

    • SHA512

      3b040a07bce553390de45342a711449771e65b25e6d7acf55daf01134b9b2e0fcc56dd5f9621dc422f8b5a1096fc45c71540610fd761ec32bedf0b5f710d3b15

    Score
    10/10
    snakekeyloggerkeyloggerransomwarestealer

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

      stealerkeyloggersnakekeylogger

    • Snake Keylogger Payload

    • Enumerates physical storage devices

      Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

      ransomware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks