fatura.exe

General
Target: fatura.exe
Size: 1MB
Sample: 210727-j1z1kaxz8s
Score: 10/10
MD5: 6a9d0ec45e52137abf05b546151dc664
SHA1: 2ea215c3bac1316746fb0ddb9ad7be216a596220
SHA256: 9c247a73a2b93a70b14c37b1dbf564f38db8bb9a0e7160de1971655a4e02950a
SHA512: 4b0a78c6da7c010c81d36d1e9ae70b60059e1e19b589221329bb447d798db0b36015e07fe7c282fc0250b409845376dd8e1651725cd8783883084d9891de994e

Malware Config

Extracted
Family: snakekeylogger
Credentials
Protocol: smtp
Host: mail.ergrafica.com.ar
Port: 587
Username: trabajos@ergrafica.com.ar
Password: 25834931Cecilia

Targets
Target: fatura.exe
MD5: 6a9d0ec45e52137abf05b546151dc664
Filesize: 1MB
Score: 10/10
SHA1: 2ea215c3bac1316746fb0ddb9ad7be216a596220
SHA256: 9c247a73a2b93a70b14c37b1dbf564f38db8bb9a0e7160de1971655a4e02950a
SHA512: 4b0a78c6da7c010c81d36d1e9ae70b60059e1e19b589221329bb447d798db0b36015e07fe7c282fc0250b409845376dd8e1651725cd8783883084d9891de994e

Signatures

  • Snake Keylogger
    Description: Keylogger and infostealer first seen in November 2020.

  • Looks up external IP address via web service
    Description: Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix
Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks
static1
behavioral1: 10/10
behavioral2: 10/10