TT Transmitted Copy TRVTT2127468.exe

General

Target: TT Transmitted Copy TRVTT2127468.exe
Size: 819KB
Sample: 210727-2pklegj8va
Score: 10/10
MD5: 427992e6cc9f399060c003ae46389403
SHA1: 07cfcd1b19481ddf586f4b84a1d4a6aef2da722a
SHA256: c441b0de54cee442566129507b4f3f0dbcbe6eb42ff24936c6e180a3d93fcdb0
SHA512: 2465b2f96899603b6473d193bdc6a4b449ec9040dba12a9842da0d5e12e2cfd5b6d6a97a5725c41062d6d5e9be6f123354863ed030041a5531337426c30b9fdd

Malware Config

Extracted

Family: snakekeylogger

Credentials
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: admin@evapimlogs.com
Password: BkKMmzZ1

Targets

Target: TT Transmitted Copy TRVTT2127468.exe
MD5: 427992e6cc9f399060c003ae46389403
Filesize: 819KB
Score: 10/10
SHA1: 07cfcd1b19481ddf586f4b84a1d4a6aef2da722a
SHA256: c441b0de54cee442566129507b4f3f0dbcbe6eb42ff24936c6e180a3d93fcdb0
SHA512: 2465b2f96899603b6473d193bdc6a4b449ec9040dba12a9842da0d5e12e2cfd5b6d6a97a5725c41062d6d5e9be6f123354863ed030041a5531337426c30b9fdd

Signatures

  • Snake Keylogger: keylogger and infostealer first seen in November 2020.

  • Snake Keylogger Payload

  • Reads data files stored by FTP clients: tries to access configuration files associated with programs like FileZilla.
    TTPs: Data from Local System; Credentials in Files

  • Reads user/profile data of local email clients: email clients store some user data on disk, where infostealers will often target it.
    TTPs: Data from Local System; Credentials in Files

  • Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials etc.
    TTPs: Data from Local System; Credentials in Files

  • Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix (tactic columns): Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation