General

  • Target: 4ff2f77e4d4cf8207749dd70205c6551
  • Size: 565KB
  • Sample: 210727-4f19bzxsxn
  • MD5: 4ff2f77e4d4cf8207749dd70205c6551
  • SHA1: 4f28db25dc9b18f918d9fa74ae85b549a4128e29
  • SHA256: 2b2b2d652f0df53f1bdf4eead3ef92831132eacfef595043033d375dfe91c8ef
  • SHA512: 31b19d87be54214de05cf27ffddbbc6f3f233b86bc5057517da1d11419fb8ecd3bd5b9930171dbbb8984792382915c089a38a34a66538940cde662ee8684335c

Malware Config

Extracted

  • Family: snakekeylogger

Credentials

  • Protocol: smtp
  • Host: mail.privateemail.com
  • Port: 587
  • Username: nnamdi@keithwilliamgroup.com
  • Password: )||LHNUQ5wgcszg

Targets

    • Snake Keylogger

      Keylogger and infostealer family first seen in November 2020.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to determine the infected system's external IP address.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks