General

  • Target

    MACHINE SPECIFICATION.exe

  • Size

    1.2MB

  • Sample

    210727-ym7v4c2w3a

  • MD5

    6a11c624b323f7c78e5a3f0d46f59fbe

  • SHA1

    c93b35bf571a244b3bfc27c9039f5c1907fad50c

  • SHA256

    f66c718e38d68b259ceb5ca45b599645e8c569e9bcccfe2d36309f32157dd60e

  • SHA512

    2eac7917c1f47456fcc2fa2cbd02767e62c7e84cadb6803d4d16d7e17c088ce4c89ac34e018eeb2c3332a400b93f0ed64d58e7e2d0dec37200795a0fc1a384ba

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol:
    smtp
  • Host:
    mail.forkmeasuring.com
  • Port:
    587
  • Username:
    eu@forkmeasuring.com
  • Password:
    eu20192019#

Targets

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • CustAttr .NET packer

      Detects CustAttr .NET packer in memory.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks