Overview

overview

10

Static

static

Payment 05-08-22.exe

windows7-x64

10

Payment 05-08-22.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Payment 05-08-22.exe

  • Size

    341KB

  • Sample

    220806-hw7fxaech8

  • MD5

    54827a45e0eec3ecb462066523d63e6c

  • SHA1

    7c7a87429e9533c14497c799c085825ca68f5b4a

  • SHA256

    ee81c7498b4343a8c9353957777a74cf2f615b3b0d8a09846eb06fcde700de63

  • SHA512

    0c305685f8f3f1df118fcd75bac38c6c28205ea2690576231f5ae4df69b6d9ea685ec29d1fc1bcaa5c2309d94053addcccab8078cf77a30748ed5ccb32036116

Score
10/10
snakekeyloggercollectionkeyloggerspywarestealer

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot5410455012:AAE1SHAu8VAoPkLETxqziCFDZfyqp8DD7SA/sendMessage?chat_id=2008035906

Targets

    • Target

      Payment 05-08-22.exe

    • Size

      341KB

    • MD5

      54827a45e0eec3ecb462066523d63e6c

    • SHA1

      7c7a87429e9533c14497c799c085825ca68f5b4a

    • SHA256

      ee81c7498b4343a8c9353957777a74cf2f615b3b0d8a09846eb06fcde700de63

    • SHA512

      0c305685f8f3f1df118fcd75bac38c6c28205ea2690576231f5ae4df69b6d9ea685ec29d1fc1bcaa5c2309d94053addcccab8078cf77a30748ed5ccb32036116

    Score
    10/10
    snakekeyloggercollectionkeyloggerspywarestealer

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

      stealerkeyloggersnakekeylogger

    • Snake Keylogger payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks