Overview

overview

10

Static

static

uuuuu.exe

windows7_x64

10

uuuuu.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    uuuuu.exe

  • Size

    967KB

  • Sample

    220706-lcla4sbbbk

  • MD5

    4dea6eb1293e16b2448a2f5a1c0c46bb

  • SHA1

    ad4352ac3511daa935b12b6ed30b40145bb0969a

  • SHA256

    0bfb446555fd7fce8f9811cf63297c7653a9d3b6059ede6104a8996420b4695f

  • SHA512

    dab7a41e7eccf9c2439953487f419690518eff7ce06715ecac02e8728585f1cab0e8b657274a43644806f808c5c0e2f3a422858dceb6bbcda4a65776d5562760

Score
10/10
snakekeyloggercollectionkeyloggerstealer

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol:     smtp
  • Host:
    smtp.mail.ru
  • Port:
    587
  • Username:
    ofixgh@mail.ru
  • Password:
    HNo0YSKYdtVdxOiHgVfj
  • Email To:
    ofixgh@mail.ru

Targets

    • Target

      uuuuu.exe

    • Size

      967KB

    • MD5

      4dea6eb1293e16b2448a2f5a1c0c46bb

    • SHA1

      ad4352ac3511daa935b12b6ed30b40145bb0969a

    • SHA256

      0bfb446555fd7fce8f9811cf63297c7653a9d3b6059ede6104a8996420b4695f

    • SHA512

      dab7a41e7eccf9c2439953487f419690518eff7ce06715ecac02e8728585f1cab0e8b657274a43644806f808c5c0e2f3a422858dceb6bbcda4a65776d5562760

    Score
    10/10
    snakekeyloggercollectionkeyloggerstealer

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

      stealerkeyloggersnakekeylogger

    • Snake Keylogger Payload

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks