General

  • Target

    PROJ-9560 - PACKING SLIP.rar

  • Size

    341KB

  • Sample

    210915-g6mc2sdadq

  • MD5

    1f3982b9a4a065c285e7269305852987

  • SHA1

    eae6bbbb9ab7e1b86445b5d588cc88a24e439b40

  • SHA256

    20dd52a855d31e0cad236dca4029c33cedde882834dc72b3c6dfdd016a78388a

  • SHA512

    937dab90019ab5a5d381567ccbeecf17f7073264794486d4c20b0336fa3e498e87eaf39e37d910d2de20f211dd7aa2925e6a0bbb1dec4bb5a00619f6a614058f
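Before handling a downloaded copy of the archive, check it against the digests listed above. The script below is an added example, not part of the sandbox report: it computes all four digests in one streaming pass (so a large sample is read once) and reports every digest that disagrees with the report. The temporary file written in the usage block is a constructed stand-in, not the sample.

```python
import hashlib
import os
import tempfile

# Digests as listed in the report for the .rar; the .exe inside has its own set.
REPORTED_ARCHIVE_HASHES = {
    "md5": "1f3982b9a4a065c285e7269305852987",
    "sha1": "eae6bbbb9ab7e1b86445b5d588cc88a24e439b40",
    "sha256": "20dd52a855d31e0cad236dca4029c33cedde882834dc72b3c6dfdd016a78388a",
    "sha512": "937dab90019ab5a5d381567ccbeecf17f7073264794486d4c20b0336fa3e498e"
              "87eaf39e37d910d2de20f211dd7aa2925e6a0bbb1dec4bb5a00619f6a614058f",
}


def digest_file(path, chunk_size=1 << 20):
    """Compute md5/sha1/sha256/sha512 of a file in a single streaming pass."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256", "sha512")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_sample(path, expected):
    """Return (ok, mismatches).

    ok is True only when every digest in `expected` matches the file.
    mismatches maps digest name -> (expected, actual), compared case-insensitively.
    """
    actual = digest_file(path)
    mismatches = {}
    for name, want in expected.items():
        got = actual.get(name)
        if got is None or got.lower() != want.lower():
            mismatches[name] = (want.lower(), got)
    return (not mismatches, mismatches)


if __name__ == "__main__":
    # Constructed stand-in for the sample: a throwaway file with arbitrary content.
    with tempfile.NamedTemporaryFile("wb", delete=False) as tmp:
        tmp.write(b"not the sample")
    try:
        ok, bad = verify_sample(tmp.name, REPORTED_ARCHIVE_HASHES)
        print("all digests match" if ok else "MISMATCH on: %s" % ", ".join(sorted(bad)))
    finally:
        os.unlink(tmp.name)
```

A single mismatch is enough to reject the file: a sample whose MD5 matches but whose SHA256 does not is not the sample in this report, whatever the source claims.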

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol:
    smtp
  • Host:
    mail.aninditaeng.net
  • Port:
    587
  • Username:
    admin@aninditaeng.net
  • Password:
    t2weClGi1f~7Elps
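The extracted configuration is the most immediately usable artifact on this page: the sample delivers what it harvests over SMTP, so every infected host has to resolve mail.aninditaeng.net and open a connection to it on port 587. The script below is an added example, not part of the sandbox report. It correlates DNS answers for the configured host with outbound port-587 connections in Zeek-style JSON events and lists the endpoints that made contact; as a weaker secondary signal it also flags internal endpoints that speak SMTP submission to anything at all, which is unusual for a workstation. The event format, field names, sample records and all addresses in them are constructed for the example. Two caveats a responder should keep in mind: the mailbox is an account on a third-party mail server, so treat host and credentials as IOCs for this campaign and do not assume the domain owner is the operator; and do not authenticate to that mailbox with the recovered password, however tempting the exfiltrated data is.

```python
import ipaddress
import json

# Exfiltration endpoint from the extracted Snake Keylogger config on this page.
EXFIL_CONFIG = {"protocol": "smtp", "host": "mail.aninditaeng.net", "port": 587}

# Constructed sample events (not from the report): Zeek-like dns and conn records,
# flattened to one JSON object per line. Addresses are documentation ranges.
SAMPLE_LOG = """\
{"type":"dns","ts":"2021-09-15T10:02:11Z","src":"10.0.5.23","query":"mail.aninditaeng.net","answers":["203.0.113.10"]}
{"type":"conn","ts":"2021-09-15T10:02:12Z","src":"10.0.5.23","dst":"203.0.113.10","dport":587,"proto":"tcp","bytes_out":4120}
{"type":"conn","ts":"2021-09-15T10:05:40Z","src":"10.0.9.4","dst":"198.51.100.8","dport":587,"proto":"tcp","bytes_out":900}
{"type":"dns","ts":"2021-09-15T10:06:00Z","src":"10.0.9.4","query":"smtp.example-corp.internal","answers":["198.51.100.8"]}
{"type":"conn","ts":"2021-09-15T10:09:03Z","src":"10.0.5.23","dst":"203.0.113.10","dport":587,"proto":"tcp","bytes_out":4098}
"""


def find_exfil(lines, config, allowed_smtp_sources=()):
    """Correlate DNS answers for the exfil host with outbound SMTP connections.

    Returns a list of (ts, src, reason) alerts in log order. A DNS answer for the
    configured host is remembered so that the following connections to the
    resolved address are attributed to it (events are assumed to be time-ordered).
    Sources in allowed_smtp_sources (the real mail relay, for instance) are exempt
    from the generic "endpoint speaks SMTP" heuristic but never from a direct hit.
    """
    exfil_ips = set()
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        if ev["type"] == "dns" and ev["query"].lower() == config["host"]:
            exfil_ips.update(ev["answers"])
            alerts.append((ev["ts"], ev["src"], "dns lookup of exfil host %s" % config["host"]))
        elif ev["type"] == "conn" and ev["dport"] == config["port"]:
            if ev["dst"] in exfil_ips:
                alerts.append((ev["ts"], ev["src"],
                               "smtp to exfil host %s (%s)" % (config["host"], ev["dst"])))
            elif ev["src"] not in allowed_smtp_sources and ipaddress.ip_address(ev["src"]).is_private:
                alerts.append((ev["ts"], ev["src"], "endpoint speaking smtp/587 to %s" % ev["dst"]))
    return alerts


def infected_hosts(alerts):
    """Sources that resolved or connected to the configured exfil host."""
    return sorted({src for _, src, reason in alerts if "exfil host" in reason})


if __name__ == "__main__":
    alerts = find_exfil(SAMPLE_LOG.splitlines(), EXFIL_CONFIG)
    for ts, src, reason in alerts:
        print(ts, src, reason)
    print("infected:", infected_hosts(alerts))
```

On the constructed log this attributes 10.0.5.23 to the campaign (lookup plus two submissions) and only notes 10.0.9.4 as an endpoint using SMTP submission; passing that host in allowed_smtp_sources silences the second signal without affecting the first.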

Targets

    • Target

      PROJ-9560 - PACKING SLIP.exe

    • Size

      756KB

    • MD5

      0b9bcc15a42f77816d676c3290c9615b

    • SHA1

      decaff5d1b1aba6df96d70b1cd8ec4d37f5ee215

    • SHA256

      5adc4cb387d4bb0d2a3c1377a61bac5fa66ba260e5a33f1ca7d65fef695b14d7

    • SHA512

      882e27a4ed7106dbdb7ffbe265cf9843f106cc33c7f9499f2303e71d045ca9fb33ea8c43a040008b232e720a8b6c768ffb26d8efb37784310bcdefec5befd376

    • Snake Keylogger

      Keylogger and infostealer first seen in November 2020.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, and infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
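The three file-access signatures above fire on reads of well-known credential stores by a process that does not own them. The matcher below is an added example, not part of the report and not the sandbox's own signature logic; it shows the shape of such a rule: case-insensitive glob patterns over the usual FileZilla, Chrome, Firefox and Thunderbird profile locations, with the owning application exempted so that a browser reading its own Login Data does not fire. The event list, process names and the exact pattern set are assumptions for the example. The external-IP lookup and SetThreadContext signatures are behavioural (network and API based) rather than path based and are not covered here.

```python
import fnmatch

# Constructed file-access events (not from the report): (process, path) as a
# sandbox or EDR file-read trace might record them. Windows-style paths.
SAMPLE_EVENTS = [
    ("PROJ-9560 - PACKING SLIP.exe", r"C:\Users\bob\AppData\Roaming\FileZilla\sitemanager.xml"),
    ("PROJ-9560 - PACKING SLIP.exe", r"C:\Users\bob\AppData\Roaming\FileZilla\recentservers.xml"),
    ("PROJ-9560 - PACKING SLIP.exe", r"C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("PROJ-9560 - PACKING SLIP.exe", r"C:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\x1y2z3.default\logins.json"),
    ("PROJ-9560 - PACKING SLIP.exe", r"C:\Users\bob\AppData\Roaming\Thunderbird\profiles.ini"),
    ("explorer.exe", r"C:\Users\bob\Documents\notes.txt"),
    ("chrome.exe", r"C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
]

# Signature name -> glob patterns on the full path (assumed locations; extend as needed).
SIGNATURES = {
    "Reads data files stored by FTP clients": [
        r"*\AppData\Roaming\FileZilla\sitemanager.xml",
        r"*\AppData\Roaming\FileZilla\recentservers.xml",
        r"*\AppData\Roaming\FileZilla\filezilla.xml",
    ],
    "Reads user/profile data of web browsers": [
        r"*\AppData\Local\Google\Chrome\User Data\*\Login Data",
        r"*\AppData\Local\Google\Chrome\User Data\*\Cookies",
        r"*\AppData\Roaming\Mozilla\Firefox\Profiles\*\logins.json",
        r"*\AppData\Roaming\Mozilla\Firefox\Profiles\*\key4.db",
    ],
    "Reads user/profile data of local email clients": [
        r"*\AppData\Roaming\Thunderbird\profiles.ini",
        r"*\AppData\Roaming\Thunderbird\Profiles\*\logins.json",
    ],
}

# Processes that legitimately own each store; their own reads are not flagged.
OWNERS = {
    "Reads data files stored by FTP clients": {"filezilla.exe"},
    "Reads user/profile data of web browsers": {"chrome.exe", "firefox.exe"},
    "Reads user/profile data of local email clients": {"thunderbird.exe"},
}


def match_signatures(events):
    """Return {signature: sorted list of (process, path)} for non-owner accesses.

    Paths are normalised to backslashes and lower-cased before matching; fnmatch
    treats backslash as a literal character, so the Windows patterns work as-is.
    """
    hits = {}
    for process, path in events:
        norm = path.replace("/", "\\").lower()
        for sig, patterns in SIGNATURES.items():
            if process.lower() in OWNERS.get(sig, set()):
                continue
            if any(fnmatch.fnmatchcase(norm, p.lower()) for p in patterns):
                hits.setdefault(sig, set()).add((process, path))
    return {sig: sorted(v) for sig, v in hits.items()}


if __name__ == "__main__":
    for sig, accesses in match_signatures(SAMPLE_EVENTS).items():
        print(sig)
        for process, path in accesses:
            print("   ", process, "->", path)
```

On the constructed events the malware's five reads produce exactly the three signature names shown in the report, while explorer.exe's document read and chrome.exe's read of its own Login Data produce nothing.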

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution
    Scheduled Task (T1053), 1 signature
  • Persistence
    Scheduled Task (T1053), 1 signature
  • Privilege Escalation
    Scheduled Task (T1053), 1 signature
  • Credential Access
    Credentials in Files (T1081), 3 signatures
  • Discovery
    System Information Discovery (T1082), 1 signature
  • Collection
    Data from Local System (T1005), 3 signatures

Tasks