4ff2f77e4d4cf8207749dd70205c6551

General

Target: 4ff2f77e4d4cf8207749dd70205c6551
Size: 565KB
Sample: 210727-4f19bzxsxn
Score: 10/10
MD5: 4ff2f77e4d4cf8207749dd70205c6551
SHA1: 4f28db25dc9b18f918d9fa74ae85b549a4128e29
SHA256: 2b2b2d652f0df53f1bdf4eead3ef92831132eacfef595043033d375dfe91c8ef
SHA512: 31b19d87be54214de05cf27ffddbbc6f3f233b86bc5057517da1d11419fb8ecd3bd5b9930171dbbb8984792382915c089a38a34a66538940cde662ee8684335c

Malware Config

Extracted

Family: snakekeylogger

Credentials
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: nnamdi@keithwilliamgroup.com
Password: )||LHNUQ5wgcszg

Signatures

  • Snake Keylogger
    Description: Keylogger and Infostealer first seen in November 2020.

  • Looks up external IP address via web service
    Description: Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

Tasks

static1
behavioral1: 10/10
behavioral2: 10/10