DHL 4677348255142.exe

General
Target

DHL 4677348255142.exe

Size

606KB

Sample

210504-fzrtf5ejsn

Score
10 /10
MD5

4eb10dfd43a4d6415e554316cd1bc288

SHA1

0a488404456576535cb7acbbaa948fc5053f30f5

SHA256

6cf104c9a72fd0d57d3a9e6be82836cb66e74a89cac1890d36a37c8d7452cd8c

SHA512

9605a587666642348e3b0c56b3f98b190e3c74f5aa3b42255e30148d6168473ec8990d71e813c12ecf84e4e6b8f01b5bd84ef6372050eff88402704eb3c2c44c

Malware Config

Extracted

Family snakekeylogger
Credentials

Protocol: smtp

Host: mail.almatls.com

Port: 587

Username: ewalogs@almatls.com

Password: 0c0qf7xTL1

Targets
Target

DHL 4677348255142.exe

MD5

4eb10dfd43a4d6415e554316cd1bc288

Filesize

606KB

Score
10 /10
SHA1

0a488404456576535cb7acbbaa948fc5053f30f5

SHA256

6cf104c9a72fd0d57d3a9e6be82836cb66e74a89cac1890d36a37c8d7452cd8c

SHA512

9605a587666642348e3b0c56b3f98b190e3c74f5aa3b42255e30148d6168473ec8990d71e813c12ecf84e4e6b8f01b5bd84ef6372050eff88402704eb3c2c44c

Tags

Signatures

  • Snake Keylogger

    Description

    Keylogger and Infostealer first seen in November 2020.

    Tags

  • Snake Keylogger Payload

  • Reads data files stored by FTP clients

    Description

    Tries to access configuration files associated with programs like FileZilla.

    Tags

    TTPs

    Data from Local System Credentials in Files
  • Reads user/profile data of local email clients

    Description

    Email clients store some user data on disk where infostealers will often target it.

    Tags

    TTPs

    Data from Local System Credentials in Files
  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local System Credentials in Files
  • Looks up external IP address via web service

    Description

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Command and Control
    Credential Access
    Defense Evasion
      Execution
        Exfiltration
          Impact
            Initial Access
              Lateral Movement
                Persistence
                Privilege Escalation
                  Tasks