Overview

overview

10

Static

static

Purchase Order.exe

windows7_x64

10

Purchase Order.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Purchase Order.exe

  • Size

    950KB

  • Sample

    211208-hdjbcsgcbr

  • MD5

    9c31f5e68471743116a36daafdcb4786

  • SHA1

    1298ebc4f06c319b05a2b448eaf4931737203d64

  • SHA256

    17e9ee6953eec4fa0a69b8c11e02d4656e41338697a435e58e0fd8bfa1f00183

  • SHA512

    859de421e3f17a090092435348f0bedd8dc276ee90457bf0ad873b7620f57cca9cefc36addb718928e27c68316276f2eafaf73c129637ceb26752dffe2e84373

Score
10/10
snakekeyloggercollectionkeyloggerstealer

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol:     smtp
  • Host:
    mail.agc.com.sa
  • Port:
    587
  • Username:
    vijayakumar.singh@agc.com.sa
  • Password:
    admin@admin$$

Targets

    • Target

      Purchase Order.exe

    • Size

      950KB

    • MD5

      9c31f5e68471743116a36daafdcb4786

    • SHA1

      1298ebc4f06c319b05a2b448eaf4931737203d64

    • SHA256

      17e9ee6953eec4fa0a69b8c11e02d4656e41338697a435e58e0fd8bfa1f00183

    • SHA512

      859de421e3f17a090092435348f0bedd8dc276ee90457bf0ad873b7620f57cca9cefc36addb718928e27c68316276f2eafaf73c129637ceb26752dffe2e84373

    Score
    10/10
    snakekeyloggercollectionkeyloggerstealer

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

      stealerkeyloggersnakekeylogger

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks