General

  • Target

    0b98faf626c10538ddd8ff786e1fb1f1cfeb6e05

  • Size

    580KB

  • Sample

    210128-1q1eclxqsx

  • MD5

    38a0b1feccc0e9321d2cd40425e7a3fe

  • SHA1

    0b98faf626c10538ddd8ff786e1fb1f1cfeb6e05

  • SHA256

    f5d1f03033f55a7d779d07e11a876447abd4ae01aed58482706f6879931cf68c

  • SHA512

    08aa1cd18fb0d8b0c87175dbf24c70cddf4fc27314405ac319a2185fe3e2cdd4f0b61810ba11108b57e63102eb86fe6200b7a7d0582b985c7446599e313575f0

Malware Config

Extracted

Credentials

  • Protocol: smtp
  • Host: smtp.yandex.ru
  • Port: 587
  • Username: [email protected]
  • Password: c44MAMBxPAEZKQf

Targets

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger Payload

    • Beds Protector Packer

      Detects Beds Protector packer used to load .NET malware.

    • Drops startup file

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
