Overview

overview

10

Static

static

Bank Details.pdf.exe

windows7_x64

10

Bank Details.pdf.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Bank Details.pdf.exe

  • Size

    941KB

  • Sample

    211208-sy9ddshdbj

  • MD5

    f6364d9a25ab4da10cdb824f176369ae

  • SHA1

    28bbfe91585b104e1791232ca913d1c85ed2598c

  • SHA256

    7eb7635b0fbd7875fddaf9cf4b5c338fe936a8dd699166ce7c61fc693d906bb6

  • SHA512

    9baf9d340a64a6846fd8d1b61ea4f3d187391300354b6dce67f7e0851510a18e9d42ded6b87997064e52f0d133db46383de13d7099362c81e7722ec7b42e6205

Score
10/10
snakekeyloggercollectionkeyloggerstealer

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol:     smtp
  • Host:
    mail.agc.com.sa
  • Port:
    587
  • Username:
    vijayakumar.singh@agc.com.sa
  • Password:
    admin@admin$$

Targets

    • Target

      Bank Details.pdf.exe

    • Size

      941KB

    • MD5

      f6364d9a25ab4da10cdb824f176369ae

    • SHA1

      28bbfe91585b104e1791232ca913d1c85ed2598c

    • SHA256

      7eb7635b0fbd7875fddaf9cf4b5c338fe936a8dd699166ce7c61fc693d906bb6

    • SHA512

      9baf9d340a64a6846fd8d1b61ea4f3d187391300354b6dce67f7e0851510a18e9d42ded6b87997064e52f0d133db46383de13d7099362c81e7722ec7b42e6205

    Score
    10/10
    snakekeyloggercollectionkeyloggerstealer

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

      stealerkeyloggersnakekeylogger

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks