Consignment Details.bin.zip

General

Target: Consignment Details.bin.zip
Size: 20KB
Sample: 210421-6etfrttlw6
Score: 10/10
MD5: 5e7860ba8371881f47e461b7c7ecf1b5
SHA1: bb5473b0480c43587d29b5b948ad370e0a72a21d
SHA256: 6f74882c4cf0275ea7f708ad3b821ac588eed9cdd965daeea6987630081c1109
SHA512: b093469758162e95682c63feb2b24cd3e2ab21771c38b6e9977e3163548ba3ac18d276b785901388b1ed97f7de0e486012a7cab77fb43b29346f9125623486d2

Malware Config

Extracted

Family: snakekeylogger
Credentials
Protocol: smtp
Host: gmicaprelam.in
Port: 587
Username: shege@gmicaprelam.in
Password: shege2424@

Targets

Target: Consignment Details.bin
MD5: b380133b30eb9bcfbbd628fd95b7b47b
Filesize: 235KB
Score: 10/10
SHA1: 61cd51cdad34e4a2063e14b41436cd271802169c
SHA256: ed2daeb7be57c4a046af63e7ebd3d6044fd4e4aa8ac9c483ca8dcf679b694d7f
SHA512: dd62b9502a21c04dbea577cfc5c40315d86a1e552ef44aac5593cac71339efd172cc9e823511953d33fec3a1ee37628148b964062a66c7c64a26792385ba03e8

Signatures

  • Snake Keylogger

    Description

    Snake Keylogger is a keylogger and infostealer first seen in November 2020.

  • Snake Keylogger Payload

  • Reads user/profile data of local email clients

    Description

    Email clients store some user data on disk, where infostealers often target it.

    TTPs

    Data from Local System (T1005)
    Credentials in Files (T1552.001)

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials.

    TTPs

    Data from Local System (T1005)
    Credentials in Files (T1552.001)

  • Looks up external IP address via web service

    Description

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of NtSetInformationThreadHideFromDebugger

    Description

    Calling NtSetInformationThread with ThreadHideFromDebugger is an anti-debugging technique: the thread stops delivering debug events to an attached debugger.

  • Suspicious use of SetThreadContext

    Description

    SetThreadContext rewrites another thread's register state and is commonly used to redirect execution into injected code (e.g. process hollowing).
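The hashes and the extracted SMTP configuration above can be turned into an offline check for a triage or detection pipeline. The following Python is an added example, not part of the sandbox report or of the Snake Keylogger sample: the digests, host, port and username are copied from the report, while the log line format, the sample log lines and the relay allowlist (10.0.0.25) are constructed assumptions for the demonstration.

```python
"""Offline check built from the sandbox report's IOCs: identify the
sample by hash and spot the SMTP exfiltration channel in logs.

Hashes, host, port and username are from the report; the log format,
the sample lines and the relay allowlist are constructed for this example.
"""
import hashlib
import re

# Report digests (lowercase hex) mapped to the file they identify.
KNOWN_HASHES = {
    "5e7860ba8371881f47e461b7c7ecf1b5": "Consignment Details.bin.zip",
    "6f74882c4cf0275ea7f708ad3b821ac588eed9cdd965daeea6987630081c1109": "Consignment Details.bin.zip",
    "b380133b30eb9bcfbbd628fd95b7b47b": "Consignment Details.bin",
    "ed2daeb7be57c4a046af63e7ebd3d6044fd4e4aa8ac9c483ca8dcf679b694d7f": "Consignment Details.bin",
}

# Extracted Snake Keylogger SMTP configuration from the report.
EXFIL_HOST = "gmicaprelam.in"
EXFIL_PORT = 587
EXFIL_USER = "shege@gmicaprelam.in"

# Constructed sample log lines (timestamp, then key=value fields); not from the report.
SAMPLE_LOGS = [
    "2021-04-21T06:14:58Z src=10.0.0.15 dst=10.0.0.53 dport=53 proto=udp query=gmicaprelam.in.",
    "2021-04-21T06:14:59Z src=10.0.0.15 dst=203.0.113.7 dport=587 proto=tcp",
    "2021-04-21T06:15:01Z src=10.0.0.15 dst=203.0.113.7 dport=587 proto=tcp user=shege@gmicaprelam.in",
    "2021-04-21T06:15:10Z src=10.0.0.22 dst=10.0.0.25 dport=587 proto=tcp",
    "2021-04-21T06:15:30Z src=10.0.0.15 dst=198.51.100.9 dport=443 proto=tcp sni=www.example.com",
]
# Constructed allowlist: the organisation's own mail submission relay.
ALLOWED_RELAYS = frozenset({"10.0.0.25"})

KV_RE = re.compile(r"(\w+)=(\S+)")


def digests(data: bytes) -> dict:
    """MD5 / SHA-1 / SHA-256 of a byte string, as hex like the report."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def lookup_hash(digest: str):
    """Return the report file name for a known digest, else None."""
    return KNOWN_HASHES.get(digest.strip().lower())


def identify(data: bytes):
    """Identify file content against the report's hashes (None if unknown)."""
    for d in digests(data).values():
        name = lookup_hash(d)
        if name:
            return name
    return None


def parse_line(line: str) -> dict:
    """Split 'TS k=v k=v ...' into a dict; the timestamp goes under 'ts'."""
    ts, _, rest = line.partition(" ")
    fields = dict(KV_RE.findall(rest))
    fields["ts"] = ts
    return fields


def find_exfil_connections(lines, allowed_relays=frozenset()):
    """Flag DNS lookups of the exfil host, SMTP submission (587) to any
    destination that is not an approved relay, and SMTP AUTH as the
    extracted account. Returns one finding per matching line."""
    findings = []
    for line in lines:
        f = parse_line(line)
        reasons = []
        if f.get("query", "").rstrip(".").lower() == EXFIL_HOST:
            reasons.append("DNS lookup of Snake Keylogger SMTP host")
        if (f.get("proto") == "tcp" and f.get("dport") == str(EXFIL_PORT)
                and f.get("dst") not in allowed_relays):
            reasons.append("SMTP submission to non-approved relay")
        if f.get("user", "").lower() == EXFIL_USER:
            reasons.append("SMTP AUTH as extracted exfil account")
        if reasons:
            findings.append({"ts": f["ts"], "src": f.get("src"),
                             "dst": f.get("dst"), "reasons": reasons})
    return findings


if __name__ == "__main__":
    print(identify(b"placeholder bytes"))  # None: these bytes are not the sample
    for hit in find_exfil_connections(SAMPLE_LOGS, ALLOWED_RELAYS):
        print(hit["ts"], hit["src"], "->", hit["dst"], "; ".join(hit["reasons"]))
```

The SMTP host name shows up in DNS rather than in the TCP flow, and a session on port 587 normally upgrades to TLS with STARTTLS, so the credentials themselves will usually not be visible on the wire; the durable network signal is a non-mail-server endpoint submitting mail to an unapproved relay.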

MITRE ATT&CK Matrix

Tactic columns shown in the report: Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation