Overview

overview

10

Static

static

Overdue Invoice.exe

windows7_x64

3

Overdue Invoice.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Overdue Invoice.exe

  • Size

    606KB

  • Sample

    211202-kq1saadedl

  • MD5

    70755074866112b39a6a999612898661

  • SHA1

    086a019502389944d5449ced3b004fca5dc27f4e

  • SHA256

    827cccb1a82b2c9b9391f38bc6ff3fb6ce41f3a4b9db17da871ca56393ade754

  • SHA512

    45b45c73c6ce3c363d966dc9fbbd202c6657f13f9fdfe1ba59d569eda5e45fd0fb95b55ac784469bf660683f6d1163b91c8a66c5e6f26a275bec4310e7e2ae11

Score
10/10
snakekeyloggercollectionkeyloggerstealer

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol:     smtp
  • Host:
    mail.agc.com.sa
  • Port:
    587
  • Username:
    vijayakumar.singh@agc.com.sa
  • Password:
    admin@admin$$

Targets

    • Target

      Overdue Invoice.exe

    • Size

      606KB

    • MD5

      70755074866112b39a6a999612898661

    • SHA1

      086a019502389944d5449ced3b004fca5dc27f4e

    • SHA256

      827cccb1a82b2c9b9391f38bc6ff3fb6ce41f3a4b9db17da871ca56393ade754

    • SHA512

      45b45c73c6ce3c363d966dc9fbbd202c6657f13f9fdfe1ba59d569eda5e45fd0fb95b55ac784469bf660683f6d1163b91c8a66c5e6f26a275bec4310e7e2ae11

    Score
    10/10
    snakekeyloggercollectionkeyloggerstealer

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

      stealerkeyloggersnakekeylogger

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks