Overview

overview

10

Static

static

1

2098765434...89.exe

windows7_x64

10

2098765434...89.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    20987654345678987456789.exe

  • Size

    808KB

  • Sample

    211203-lr7snagabp

  • MD5

    4e87c7097801540f52ce50ae4049ea58

  • SHA1

    5dd7e8cc8bf7bcf31c5b14266c47903dfc67bb61

  • SHA256

    467fc148b91e2229b4342835534e082337e14293bf346c1c17333a659abd1f0a

  • SHA512

    2e2c1b77cc6dc0e6cb57899d3ed01a8a415864b9f34bb878efb9a387ad5c8e454b5f9fb6eb8d20f17bd6ec8bae152dc8f61719b8617f202949a605242cc7bdb6

Score
10/10
snakekeyloggercollectionkeyloggerspywarestealer

Malware Config

Targets

    • Target

      20987654345678987456789.exe

    • Size

      808KB

    • MD5

      4e87c7097801540f52ce50ae4049ea58

    • SHA1

      5dd7e8cc8bf7bcf31c5b14266c47903dfc67bb61

    • SHA256

      467fc148b91e2229b4342835534e082337e14293bf346c1c17333a659abd1f0a

    • SHA512

      2e2c1b77cc6dc0e6cb57899d3ed01a8a415864b9f34bb878efb9a387ad5c8e454b5f9fb6eb8d20f17bd6ec8bae152dc8f61719b8617f202949a605242cc7bdb6

    Score
    10/10
    snakekeyloggercollectionkeyloggerspywarestealer

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

      stealerkeyloggersnakekeylogger

    • Snake Keylogger Payload

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3
T1081

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

3
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks