General

  • Target

    40987654556000876666000.exe

  • Size

    729KB

  • Sample

    211201-vrzxgsebhn

  • MD5

    5c6f63834c5bbb998cf3f95d1a2657e7

  • SHA1

    5260d3b6a99f2467f113f7ba2cfb0f7b17ef54fd

  • SHA256

    5490e6939acf1ba2ff221b15b71c4b44d033ff34e2ce288d76d4bda25e51fa60

  • SHA512

    cbb055dbee30a22c9033ebe1b3c6cd85cb4d35afc06298c66ca3c8e58ae62fa7590a9222259c71c452b9e222d63735432a8118c363173ba32c04d2f9be43e2d2

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol:
    smtp
  • Host:
    serv3.devmexico.com
  • Port:
    587
  • Username:
    reservaciones@hoteljuaninos.com.mx
  • Password:
    3}l^pI#_4K_!

Targets

    • Target

      40987654556000876666000.exe

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Collection

    Email Collection: 1 (T1114)

Tasks