General

  • Target

    consignment details.exe

  • Size

    174KB

  • Sample

    210618-assb4gbsh6

  • MD5

    d8a960f613e009eef9f81887a39e7cd0

  • SHA1

    52e658fc0d3d436594c06d1b9a75d2c065622d9f

  • SHA256

    7598d6cadbbded8074763a1e8b0e8c24f125c0ceaf194c9f386acf9e8a811a28

  • SHA512

    441abf3939ada9b4e33f1c6452715295bc375559fb96ff39d15975417eaac78832d97b9b6dcbc67629de5803995a541ca90129fd1c7dae13320c107e8fc9e8ea

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol:
    smtp
  • Host:
    msonsgroup.in
  • Port:
    587
  • Username:
    speak@msonsgroup.in
  • Password:
    speak2424@

These are the attacker's SMTP exfiltration credentials, hard-coded in the sample: captured keystrokes and stolen credentials are mailed out through this account. The host and port are the actionable network indicators; the mailbox belongs to the operator, not to a victim.

Targets

    • Target

      consignment details.exe

    • Size

      174KB

    • MD5

      d8a960f613e009eef9f81887a39e7cd0

    • SHA1

      52e658fc0d3d436594c06d1b9a75d2c065622d9f

    • SHA256

      7598d6cadbbded8074763a1e8b0e8c24f125c0ceaf194c9f386acf9e8a811a28

    • SHA512

      441abf3939ada9b4e33f1c6452715295bc375559fb96ff39d15975417eaac78832d97b9b6dcbc67629de5803995a541ca90129fd1c7dae13320c107e8fc9e8ea

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Loads dropped DLL

      The sample writes a DLL to disk during execution and then loads it.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites a thread's register state, including its instruction pointer. Outside debuggers it is a hallmark of process hollowing and thread hijacking, where a payload is written into another process and execution is redirected to it.
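
The extracted config and the signatures above can be turned into a detection pass directly. The following script is an added example, not part of the sandbox report or of any tooling the report describes: it takes the mail server and port from the extracted config and the SHA256 from the report, and flags connection-log lines that reach the exfil server or a public IP-lookup service. The log format, the sample log lines, and the list of IP-lookup hosts are assumptions (the report does not say which lookup service this sample uses).

```python
# Added example (not part of the sandbox report): turn the extracted Snake
# Keylogger SMTP config and the "looks up external IP" signature into a
# detection pass over connection logs, plus a hash check for the sample itself.
import hashlib
import re
from dataclasses import dataclass
from typing import Optional

# Values lifted from the report above.
EXFIL_HOST = "msonsgroup.in"
EXFIL_PORT = 587
SAMPLE_SHA256 = "7598d6cadbbded8074763a1e8b0e8c24f125c0ceaf194c9f386acf9e8a811a28"

# ASSUMPTION: the report does not name the IP-lookup service this sample uses;
# these are well-known services that stealers commonly query.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "ipinfo.io", "icanhazip.com"}

# ASSUMPTION: a simplified connection-log format "<ts> <src> <dst_host> <dst_port> <proto>".
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<port>\d+)\s+(?P<proto>\S+)$")

# Constructed sample log lines (not captured from the sandbox run).
SAMPLE_LOGS = """\
2021-06-18T10:01:02Z 10.0.0.5 api.ipify.org 80 tcp
2021-06-18T10:01:05Z 10.0.0.5 msonsgroup.in 587 tcp
2021-06-18T10:02:00Z 10.0.0.7 mail.example.org 587 tcp
2021-06-18T10:03:11Z 10.0.0.9 www.example.com 443 tcp
this line is malformed and is skipped
"""


@dataclass(frozen=True)
class Alert:
    ts: str
    src: str
    dst: str
    port: int
    reason: str


def _same_or_subdomain(host: str, domain: str) -> bool:
    """True for the domain itself or any subdomain of it (e.g. mail.msonsgroup.in)."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)


def parse_line(line: str) -> Optional[dict]:
    """Parse one log line into a dict, or None if it does not match the format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["port"] = int(ev["port"])
    return ev


def classify(ev: dict) -> Optional[str]:
    """Return an alert reason for a connection event, or None if nothing matches."""
    dst, port = ev["dst"], ev["port"]
    if _same_or_subdomain(dst, EXFIL_HOST):
        if port == EXFIL_PORT:
            return "smtp-exfil: connection to extracted Snake Keylogger mail server"
        return "exfil-host: contact with extracted mail server on unexpected port"
    if dst.lower().rstrip(".") in IP_LOOKUP_HOSTS:
        return "external-ip-lookup: matches 'Looks up external IP address via web service'"
    return None


def scan(log_text: str) -> list:
    """Run the classifier over every well-formed line and collect alerts in order."""
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        reason = classify(ev)
        if reason is not None:
            alerts.append(Alert(ev["ts"], ev["src"], ev["dst"], ev["port"], reason))
    return alerts


def infected_hosts(alerts: list) -> set:
    """Sources that reached the exfil server are confirmed infections; an
    IP-lookup hit alone is only a lead, since legitimate software does that too."""
    return {a.src for a in alerts if a.reason.startswith("smtp-exfil")}


def is_reported_sample(data: bytes) -> bool:
    """Check a file's bytes against the SHA256 listed in the report."""
    return hashlib.sha256(data).hexdigest() == SAMPLE_SHA256


if __name__ == "__main__":
    found = scan(SAMPLE_LOGS)
    for a in found:
        print(f"{a.ts} {a.src} -> {a.dst}:{a.port}  {a.reason}")
    print("confirmed infected:", sorted(infected_hosts(found)))
```

The subdomain match matters because the extracted host is the mail domain, while the actual MX or submission host may be a subdomain of it; matching the port separately keeps a plain DNS or HTTP contact with the domain visible without promoting it to a confirmed exfiltration.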

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    System Information Discovery (T1082): 1 signature

Tasks