General

  • Target

    STSGN5512604-pdf.lz

  • Size

    649KB

  • Sample

    210721-m72bsbww6j

  • MD5

    06b3553772d348ab1932eb0c5f485ac2

  • SHA1

    d5d6a2df2b0009f13a6aadb7253f1d95e9be7ce8

  • SHA256

    63241bbcdda9b9030690adcc937f3e0b0a88bac2403aeafb4842c8a062357326

  • SHA512

    ed54ffa268a12546cc060c46b4d0ae05dca01217fd9f76afec6f03c0ae11f504ab232f1fcac3e54e232b762143827457410b01a91fa72d834216198a3aabb49a

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol:
    smtp
  • Host:
    us2.smtp.mailhostbox.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Chukwudim28@

Targets

    • Target

      STSGN5512604-pdf.exe

    • Size

      1.1MB

    • MD5

      2eccc78b0dec8abf7d68f05b68d3a32d

    • SHA1

      b8e622ea878201d9567696a18cd8b189f688c178

    • SHA256

      2abb4cd91f5fd1f88d13d666dce9fb2c88e5d650669472059f99cac4d012c3be

    • SHA512

      54389e6a2850911973d3e3ce3d7ed1cf89648a71815bd9212dc07b24548598b1c6db1451bd665427d777e8c99c34550dad67685420c352ef46db816093d25b20

    • Snake Keylogger

      Keylogger and infostealer first seen in November 2020.

    • Snake Keylogger Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store account and profile data on disk, which infostealers commonly target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser profile data, which can include saved credentials and other sensitive data.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      Overwriting another thread's register context is a common step in process hollowing and other code-injection techniques.
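The behaviours above and the SMTP endpoint in the extracted config can be turned into a small triage check. The Python below is an added example for this page, not Triage's own signature logic and not code from the sample: it walks constructed sandbox-style events (file opens, HTTP requests, API calls, TCP connects) and groups them under the signature names used in this report. The event schema, the sample file paths, the IP-lookup host list and the example process names are assumptions made for illustration; only the SMTP host and port come from the extracted config.

```python
"""Classify sandbox-style events against the infostealer behaviours in this report.

Added example; the event format and sample paths are constructed, not taken
from any real sandbox output.
"""
import re
from collections import defaultdict
from urllib.parse import urlparse

# Exfiltration endpoint from the report's extracted config (host, port).
EXTRACTED_SMTP = ("us2.smtp.mailhostbox.com", 587)

# Assumed public IP-lookup hostnames. The report only says "a legitimate IP
# lookup service" and does not name which one the sample contacted.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "icanhazip.com", "ip-api.com"}

# Path patterns for each credential-store class, matched case-insensitively.
# Raw strings keep the Windows backslashes literal.
FTP_CLIENT_RE = re.compile(r"\\FileZilla\\(sitemanager|recentservers|filezilla)\.xml$", re.I)
EMAIL_CLIENT_RE = re.compile(r"\\(Thunderbird\\Profiles|Foxmail|Microsoft\\Outlook)\\", re.I)
BROWSER_RE = re.compile(
    r"\\(Google\\Chrome|Microsoft\\Edge|Chromium|BraveSoftware\\Brave-Browser)\\User Data\\.*\\(Login Data|Cookies|Web Data)$"
    r"|\\Mozilla\\Firefox\\Profiles\\.*\\(logins\.json|key4\.db|cookies\.sqlite)$",
    re.I,
)

# Constructed sample events: each is {"type", "process", "detail"}.
SAMPLE_EVENTS = [
    {"type": "file_open", "process": "STSGN5512604-pdf.exe",
     "detail": r"C:\Users\victim\AppData\Roaming\FileZilla\recentservers.xml"},
    {"type": "file_open", "process": "STSGN5512604-pdf.exe",
     "detail": r"C:\Users\victim\AppData\Roaming\Thunderbird\Profiles\abcd.default\logins.json"},
    {"type": "file_open", "process": "STSGN5512604-pdf.exe",
     "detail": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "http_request", "process": "STSGN5512604-pdf.exe",
     "detail": "http://checkip.dyndns.org/"},
    {"type": "api_call", "process": "STSGN5512604-pdf.exe",
     "detail": "SetThreadContext(hThread=0x1a4, pid=4412)"},
    {"type": "tcp_connect", "process": "STSGN5512604-pdf.exe",
     "detail": "us2.smtp.mailhostbox.com:587"},
    # Benign noise that must not trigger anything.
    {"type": "file_open", "process": "explorer.exe",
     "detail": r"C:\Users\victim\Documents\notes.txt"},
]


def classify_event(event):
    """Return the list of signature names a single event triggers (possibly empty)."""
    etype, detail = event["type"], event["detail"]
    hits = []
    if etype == "file_open":
        if FTP_CLIENT_RE.search(detail):
            hits.append("Reads data files stored by FTP clients")
        if EMAIL_CLIENT_RE.search(detail):
            hits.append("Reads user/profile data of local email clients")
        if BROWSER_RE.search(detail):
            hits.append("Reads user/profile data of web browsers")
    elif etype == "http_request":
        host = (urlparse(detail).hostname or "").lower()
        if host in IP_LOOKUP_HOSTS:
            hits.append("Looks up external IP address via web service")
    elif etype == "api_call" and detail.split("(", 1)[0] == "SetThreadContext":
        hits.append("Suspicious use of SetThreadContext")
    elif etype == "tcp_connect":
        host, _, port = detail.rpartition(":")
        if port.isdigit() and (host.lower(), int(port)) == EXTRACTED_SMTP:
            hits.append("Connects to extracted SMTP exfiltration host")
    return hits


def classify_events(events):
    """Group 'process: detail' strings under every signature they trigger."""
    findings = defaultdict(list)
    for ev in events:
        for sig in classify_event(ev):
            findings[sig].append(f'{ev["process"]}: {ev["detail"]}')
    return dict(findings)


def likely_infostealer(findings):
    """Crude verdict: at least two credential-store classes read, plus a
    beacon (IP lookup) or a connection to the extracted exfil endpoint."""
    cred_classes = {s for s in findings if s.startswith("Reads ")}
    beacon = ("Looks up external IP address via web service" in findings
              or "Connects to extracted SMTP exfiltration host" in findings)
    return len(cred_classes) >= 2 and beacon


if __name__ == "__main__":
    result = classify_events(SAMPLE_EVENTS)
    for sig, items in result.items():
        print(sig)
        for item in items:
            print("   ", item)
    print("verdict: infostealer" if likely_infostealer(result) else "verdict: inconclusive")
```

The verdict is deliberately simple: a single browser-profile read is common in legitimate software, so the check requires several credential-store classes together with a beacon or exfil connection before it commits. Port 587 alone is not an indicator; what makes the last rule useful is matching the exact host and port recovered from the config.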

MITRE ATT&CK Enterprise v6

Tasks