General

  • Target

    INV0021800.exe

  • Size

    280KB

  • Sample

    221003-hsnjmacda4

  • MD5

    4da27060065354c79ade40db0732ca01

  • SHA1

    7f1e1d37eab023190a2529048caf55c0447e56a3

  • SHA256

    477ea88234cf1fd26570b7bdaf1d8b695d16a8b984ea0e4ef8f09c655a0f35db

  • SHA512

    478a8267fbef8751a4ccfea53f58e26de6824a2df82cde62b1c5625ad1a46e7d8a58cb9daf89631f144901b1adc8264bf2efdcaf2e87c31e522d6b7c71d5fec1

  • SSDEEP

    6144:kY9lSSxmJp3s8aRA1iHF/Tb1rcOyEr6zzWVhJms7BU+J3LbFe:kqSSShs/AATJcLEr6zzWVhZdrJ3LY

Malware Config

Extracted

  • Family

    snakekeylogger

  • C2

    https://api.telegram.org/bot5798068653:AAGKgOdYJyk9qm4DWZF93yUQ5gS6RyZYijc/sendMessage?chat_id=1277896104

Targets

    • Target

      INV0021800.exe

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, which infostealers often target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081): 3

  • Collection

    Data from Local System (T1005): 3

    Email Collection (T1114): 1

Tasks