General

  • Target

    consignment details.rar

  • Size

    160KB

  • Sample

    210618-sevd877872

  • MD5

    8cb33040c9f75754659ac2b3055b84ca

  • SHA1

    0c929ddb43bca71a0862f5f3fbaf724c6139855e

  • SHA256

    8dd5df1ce192b6101814de114129b653f7179714ff4ccd3654769f45ba237bc6

  • SHA512

    91c8504b21849761841133555471a6c2ce69dcd15e049b9339249f2108525b841e971d00395356e17b104e35e894edaed9672329ccd6a5991c836ab7db287f52

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol:
    smtp
  • Host:
    msonsgroup.in
  • Port:
    587
  • Username:
    speak@msonsgroup.in
  • Password:
    speak2424@

Targets

    • Target

      consignment details.exe

    • Size

      174KB

    • MD5

      d8a960f613e009eef9f81887a39e7cd0

    • SHA1

      52e658fc0d3d436594c06d1b9a75d2c065622d9f

    • SHA256

      7598d6cadbbded8074763a1e8b0e8c24f125c0ceaf194c9f386acf9e8a811a28

    • SHA512

      441abf3939ada9b4e33f1c6452715295bc375559fb96ff39d15975417eaac78832d97b9b6dcbc67629de5803995a541ca90129fd1c7dae13320c107e8fc9e8ea

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

• Suspicious use of SetThreadContext

      Rewriting another thread's context is a common step in process hollowing and other code-injection techniques, which is why it is flagged here.
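
As an added example (not part of this sandbox report), the following Python script turns the report's indicators into checks a responder can run: the file hashes listed above, the SMTP exfiltration endpoint from the extracted Snake Keylogger config (msonsgroup.in:587, user speak@msonsgroup.in), and the external-IP-lookup behaviour. The log-line format, the sample log lines and the list of IP-lookup hostnames are constructed assumptions; the report itself names no specific lookup service, so hits on that list are a weak signal only.

```python
"""Added example: match this report's IoCs against file hashes and outbound-connection logs.

Not part of the sandbox report. The log format and lines below are constructed,
and IP_LOOKUP_HOSTS is an assumption (the report names no lookup service).
"""
import hashlib
import re

# SHA256 values from the report: the archive and the executable it carries.
KNOWN_SHA256 = {
    "8dd5df1ce192b6101814de114129b653f7179714ff4ccd3654769f45ba237bc6": "consignment details.rar",
    "7598d6cadbbded8074763a1e8b0e8c24f125c0ceaf194c9f386acf9e8a811a28": "consignment details.exe",
}

# Exfiltration endpoint from the extracted Snake Keylogger config.
EXFIL_HOST = "msonsgroup.in"
EXFIL_PORT = 587
EXFIL_USER = "speak@msonsgroup.in"

# Assumption: public IP-lookup services commonly contacted by stealers. The report
# only says "a legitimate IP lookup service", so treat these as weak signals.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "ipinfo.io"}


def sha256_bytes(data):
    """SHA256 hex digest of an in-memory buffer."""
    return hashlib.sha256(data).hexdigest()


def sha256_file(path, chunk_size=1 << 16):
    """SHA256 hex digest of a file, read in chunks so large files don't hit memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def match_hash(hexdigest):
    """Return the report's file name for a known SHA256, else None."""
    return KNOWN_SHA256.get(hexdigest.lower())


def match_file(path):
    """Hash a file on disk and look it up against the report's IoCs."""
    return match_hash(sha256_file(path))


# Constructed log format: "<ts> <src> -> <dst_host>:<dst_port> <proto> [<detail>]"
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+->\s+(?P<dst>[^:\s]+):(?P<port>\d+)\s+(?P<proto>\S+)(?:\s+(?P<detail>.*))?$"
)


def classify_line(line):
    """Label one outbound-connection log line, or return None if it is not of interest."""
    m = LOG_RE.match(line)
    if not m:
        return None
    dst = m["dst"].lower()
    port = int(m["port"])
    detail = m["detail"] or ""
    # Direct hit on the SMTP server and port from the extracted config.
    if dst == EXFIL_HOST and port == EXFIL_PORT:
        return "snakekeylogger-smtp-exfil"
    # Mail gateways that log AUTH usernames expose the config's account even if
    # the destination is an IP rather than the hostname.
    if EXFIL_USER in detail:
        return "snakekeylogger-smtp-auth"
    if dst in IP_LOOKUP_HOSTS:
        return "external-ip-lookup"
    return None


def flag_lines(lines):
    """Return (line, label) pairs for every line that matched an indicator."""
    flagged = []
    for line in lines:
        label = classify_line(line)
        if label is not None:
            flagged.append((line, label))
    return flagged


# Constructed sample log: one host resolving its external IP, then exfiltrating over SMTP.
SAMPLE_LOG = [
    "2021-06-18T10:00:00Z 10.0.0.5 -> example.com:443 tcp",
    "2021-06-18T10:01:00Z 10.0.0.5 -> checkip.dyndns.org:80 tcp GET /",
    "2021-06-18T10:01:02Z 10.0.0.5 -> msonsgroup.in:587 tcp",
    "2021-06-18T10:01:03Z 10.0.0.5 -> 203.0.113.7:587 tcp AUTH user=speak@msonsgroup.in",
]

if __name__ == "__main__":
    for line, label in flag_lines(SAMPLE_LOG):
        print(f"{label:28s} {line}")
```

The SMTP host check is the strongest signal; the AUTH-username check only fires on gateways that log the submitted login, and the IP-lookup list will also match benign software, so it is worth correlating with a following SMTP connection rather than alerting on its own.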

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    System Information Discovery (T1082): 1

Tasks