ede697a91e18c73baf01ca677aa33917.exe

General

Target: ede697a91e18c73baf01ca677aa33917.exe

Size: 634KB

Sample: 210727-5n56q626c6

Score: 10/10

MD5: ede697a91e18c73baf01ca677aa33917

SHA1: 699f96d0a34bfacd78a8530f507769d5d18dccc5

SHA256: 1e2785c94e1501731c09b13b6f8156548704a36dd5b220efab73c06ed4fd6bfc

SHA512: 7725d2f003a2aeecfe85dff03654b60ea80914ea39b369d6314443600750f4e13ab04a1c7a0925314e1013af034c0c4640dc3f98b9034851cff6b91c3c518bd9

Malware Config

Extracted

Family: snakekeylogger
Credentials

Protocol: smtp

Host: bh-16.webhostbox.net

Port: 587

Username: whesilolog@miratechs.gq

Password: 7213575aceACE@#$

Targets

Tags

Signatures

  • Snake Keylogger

    Description

    Keylogger and Infostealer first seen in November 2020.

    Tags

  • CustAttr .NET packer

    Description

    Detects CustAttr .NET packer in memory.

  • Looks up external IP address via web service

    Description

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1

behavioral1: 10/10

behavioral2: 10/10