General

  • Target

    QYT000000.xz

  • Size

    505KB

  • Sample

    210421-ygc66cezs2

  • MD5

    b0db3ee823ff5baa6af18696b324ebd2

  • SHA1

    05e4b4ae109a155e5a1123e1338dc197cb1591d9

  • SHA256

    95c91ca7da1e9a2f7190c32c8ce50d3f01c33eb4f5e51b1f303018f22fafbfa7

  • SHA512

    126f4dd8a0134c47d8e5247673e9ef8dd75b2e5066340fa19154b42b794f5ef225b78b7614b3d87d3eb6007219cae0563293671312ecb2fb453612915a1ae48b

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.ionos.com
  • Port:
    587
  • Username:
    miguel.chiliguano@sismode.com
  • Password:
    Miguel1.2

Targets

    • Target

      QYT000000.exe

    • Size

      786KB

    • MD5

      a9d1ef91a6839f5894a067c01bae3814

    • SHA1

      0c86bac1ae4a07aa0481da1ab431b70d2695f48b

    • SHA256

      ddfb83a23c35cc2e231b9bcbfe0c0078613ef1ab1c9568223e4a34b6c9d4cbcb

    • SHA512

      f7ec6c043cd38c337209ba389e1fdce4d38745ca8279e3b6499d848e69216f1d852ff738e8cb4a310acf59b5a3dc77cb3ad08841fb5e5130082ab753a587a1b9

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger Payload

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • System Information Discovery (T1082): 1

Tasks