General

  • Target: Invoice.exe
  • Size: 911KB
  • Sample: 211207-mxawjsbfg3
  • MD5: 0bc78923cd459f32b22143e218d36f9e
  • SHA1: 6277fdb6265e0910fc8ff723b1cc117d5c3a77c1
  • SHA256: 38cf5f384013f4abee761fc5f076afbf41a44fc270d1fe2c4340dc0d1fa43e4e
  • SHA512: 325fbcaeba29408a80cb45b28baaf0ffc021e789807c42d2c928ffa4e9e5598f8977e1d3df3e6af4e6fe0328cca4a786fd1e94a38d103c58df2c7bb199ba1020

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol: smtp
  • Host: mail.agc.com.sa
  • Port: 587
  • Username: vijayakumar.singh@agc.com.sa
  • Password: admin@admin$$

Targets

    • Target: Invoice.exe

    • Snake Keylogger

      Keylogger and infostealer first seen in November 2020.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Collection

  • Email Collection (T1114): 1

Tasks