telex SO#1KSZ019769-pdf.exe

General
Target

telex SO#1KSZ019769-pdf.exe

Size

833KB

Sample

210727-vc1kb1xl7x

Score

10/10
MD5

e745b5bb83dcd7045e2f1e6396d7e074

SHA1

dc415847e2a782d2f714da53bb5a8e2b18a67f1b

SHA256

9cb2740a3219b5aaa8d26ca22bf7a2088d66f1e1c37420dfe8121e0c5f0df2b7

SHA512

40708fde86f4332c705ce90553ad518f8bcc3fe56206ebd4af7020c8a5e6813f69bd294872d35921b234829105f5947de9a905bb15a531ba4b38d4c3ea1fce9f

Malware Config

Extracted

Family snakekeylogger
Credentials

Protocol: smtp

Host: us2.smtp.mailhostbox.com

Port: 25

Username: admin@evapimlogs.com

Password: BkKMmzZ1

Signatures

  • Snake Keylogger
    Description: Keylogger and Infostealer first seen in November 2020.

  • Reads data files stored by FTP clients
    Description: Tries to access configuration files associated with programs like FileZilla.
    TTPs: Data from Local System; Credentials in Files

  • Reads user/profile data of local email clients
    Description: Email clients store some user data on disk, where infostealers will often target it.
    TTPs: Data from Local System; Credentials in Files

  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials etc.
    TTPs: Data from Local System; Credentials in Files

  • Looks up external IP address via web service
    Description: Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tactic columns: Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation