General

  • Target

    ScanOrder.pdf.exe

  • Size

    344KB

  • Sample

    210620-bpvxrnfq2n

  • MD5

    64bdce55d3318e4294055d873f1741c6

  • SHA1

    e36ba27206a698291d1d70278820afe50932070f

  • SHA256

    7d589e38568ed522cd280ee2628cbafa359d65d45cc517277983ccb1c1b32f12

  • SHA512

    ada56fa5b55084651ff6817c8be9d575acc925631804e26510547499dd97f934f91a9e58f18b0a06848b560b59e732024fc084743977b4871daf20126e8b559b

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol: smtp
  • Host: mail.bartolinicompany.info
  • Port: 587
  • Username: snake@bartolinicompany.info
  • Password: QAZqaz123@

Targets

    • Target

      ScanOrder.pdf.exe

    • Size

      344KB

    • MD5

      64bdce55d3318e4294055d873f1741c6

    • SHA1

      e36ba27206a698291d1d70278820afe50932070f

    • SHA256

      7d589e38568ed522cd280ee2628cbafa359d65d45cc517277983ccb1c1b32f12

    • SHA512

      ada56fa5b55084651ff6817c8be9d575acc925631804e26510547499dd97f934f91a9e58f18b0a06848b560b59e732024fc084743977b4871daf20126e8b559b

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks