Overview

overview

10

Static

static

bbeb164b90...2c.exe

windows7_x64

10

bbeb164b90...2c.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bbeb164b901654bacd76fb01a56f272c.exe

  • Size

    581KB

  • Sample

    220704-wjkchacee4

  • MD5

    bbeb164b901654bacd76fb01a56f272c

  • SHA1

    d74f4a55462ef2aed2cca85222cb15706fa9879a

  • SHA256

    18ea892584b28a8f75ad61a8cef9fa24991822a3c85c1d35a9cab8b1752c762e

  • SHA512

    46241e81a1d38d73f995dca84abd5d6e63527b5b41812c771d4825df9fb87f09e055d2cbcaf09d61ca39803c26a2a4484a69000de0be71f4afe602c2514047a3

Score
10/10
snakekeyloggercollectionkeyloggerspywarestealer

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol:     smtp
  • Host:
    cp5ua.hyperhost.ua
  • Port:
    587
  • Username:
    arinzelog@valete.buzz
  • Password:
    7213575aceACE@#$
  • Email To:
    arinze@valete.buzz
C2

https://api.telegram.org/bot5321688653:AAEI2yqGrOA_-sRZ3xaqutrexraSgFa0AnA/sendMessage?chat_id=5048077662

Targets

    • Target

      bbeb164b901654bacd76fb01a56f272c.exe

    • Size

      581KB

    • MD5

      bbeb164b901654bacd76fb01a56f272c

    • SHA1

      d74f4a55462ef2aed2cca85222cb15706fa9879a

    • SHA256

      18ea892584b28a8f75ad61a8cef9fa24991822a3c85c1d35a9cab8b1752c762e

    • SHA512

      46241e81a1d38d73f995dca84abd5d6e63527b5b41812c771d4825df9fb87f09e055d2cbcaf09d61ca39803c26a2a4484a69000de0be71f4afe602c2514047a3

    Score
    10/10
    snakekeyloggercollectionkeyloggerspywarestealer

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

      stealerkeyloggersnakekeylogger

    • Snake Keylogger Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3
T1081

Discovery

Lateral Movement

Collection

Data from Local System

3
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks