General

  • Target

    Invoice.pdf.exe

  • Size

    801KB

  • Sample

    221003-jptf5sfdcj

  • MD5

    0ac8dc57afaa12f8955181cc440f7ba0

  • SHA1

    62d76547c347a9055345dea624e8470c0c4ed418

  • SHA256

    f5ab7866190abc14eddca1da11101e7f76ff08abce7c73350f15fd6f5ceda77a

  • SHA512

    fb8f23bed536a0d5b1dd25060ccfabea7eaefcb7c1913b40a11e525bf06b3d20992c77916a43501f812ca2f04d68fd130e04c17aa19820e332e2f1098128c20b

  • SSDEEP

    6144:3pCJwYYJJD5GZ1E+nIIL6O4jUXypxhgRSHehXI2hz7YWwV0CUPNgqede3sMhOG3B:55KGOIUzRhXI2hgrnUpCe3NrnK4HTN

Malware Config

Extracted

  • Family

    snakekeylogger

Credentials

  • Protocol:
    smtp
  • Host:
    mail.stilltech.ro
  • Port:
    587
  • Username:
    office@stilltech.ro
  • Password:
    eurobit555ro
  • Email To:
    graceunlimited153@gmail.com

Targets

    • Target

      Invoice.pdf.exe


    • Snake Keylogger

      Keylogger and infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Accesses Microsoft Outlook profiles

      Reads stored Outlook account profiles, a common source of mail credentials for infostealers.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      Changing the context of a thread in another process is a typical step in process hollowing, where a suspended child's entry point is redirected to injected code.
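As an added example (not part of the sandbox report), the IOCs above turned into simple detections and run over constructed log lines: the double-extension file name, the sample's SHA256, the extracted SMTP exfiltration host and port, and the "external IP lookup" behaviour. The key=value log format, the list of IP-lookup hostnames (the report does not name the service this sample used) and the allowed internal mail relay are assumptions.

```python
"""Detections derived from the Snake Keylogger report above, run over
constructed sample logs. The log format, IP-lookup hostnames and mail-relay
address are assumptions, not taken from the report."""
import re

# IOCs copied from the report.
SAMPLE_SHA256 = "f5ab7866190abc14eddca1da11101e7f76ff08abce7c73350f15fd6f5ceda77a"
EXFIL_HOST = "mail.stilltech.ro"
EXFIL_PORT = 587

# Assumptions: IP-lookup services commonly abused by stealers (the report does
# not name the one used), and the only internal host allowed to speak SMTP out.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "icanhazip.com"}
ALLOWED_MAIL_RELAYS = {"10.0.0.25"}
SMTP_PORTS = {25, 465, 587}

# "Invoice.pdf.exe": a document-looking name followed by an executable suffix.
DOUBLE_EXT = re.compile(
    r"\.(?:pdf|docx?|xlsx?|pptx?|txt|jpe?g|png)\.(?:exe|scr|pif|com|bat|cmd|js|vbs)$",
    re.IGNORECASE,
)


def parse_kv(line):
    """Parse a space-separated key=value log line (assumed format)."""
    return dict(re.findall(r"(\w+)=(\S+)", line))


def check_file_event(ev):
    """EDR-style file event: flag double extensions and the known sample hash."""
    hits = []
    name = ev.get("file", "")
    if DOUBLE_EXT.search(name):
        hits.append(f"double-extension masquerade: {name}")
    if ev.get("sha256", "").lower() == SAMPLE_SHA256:
        hits.append(f"known Snake Keylogger sample hash: {name}")
    return hits


def check_net_event(ev):
    """Firewall-style flow: flag the extracted exfil host, direct SMTP from
    endpoints, and external IP lookups."""
    hits = []
    src, dst = ev.get("src", ""), ev.get("dst", "")
    dport = int(ev.get("dport", 0))
    if dst == EXFIL_HOST:
        hits.append(f"connection to extracted exfil host {dst}:{dport} from {src}")
    elif dport in SMTP_PORTS and src not in ALLOWED_MAIL_RELAYS:
        hits.append(f"direct SMTP from endpoint {src} to {dst}:{dport}")
    if dst in IP_LOOKUP_HOSTS:
        hits.append(f"external IP lookup via {dst} from {src}")
    return hits


def scan(lines):
    """Dispatch each line to the detector for its event type.
    Returns a list of (line, hits) for lines that produced at least one hit."""
    findings = []
    for line in lines:
        ev = parse_kv(line)
        kind = ev.get("type")
        if kind == "file":
            hits = check_file_event(ev)
        elif kind == "net":
            hits = check_net_event(ev)
        else:
            hits = []
        if hits:
            findings.append((line, hits))
    return findings


# Constructed sample telemetry (not real logs); only the first hash is real.
SAMPLE_LOG = [
    "type=file host=WS01 file=C:\\Users\\a\\Downloads\\Invoice.pdf.exe "
    "sha256=f5ab7866190abc14eddca1da11101e7f76ff08abce7c73350f15fd6f5ceda77a",
    "type=file host=WS01 file=C:\\Users\\a\\Downloads\\Invoice.pdf "
    "sha256=0000000000000000000000000000000000000000000000000000000000000000",
    "type=net src=10.0.0.15 dst=checkip.dyndns.org dport=80",
    "type=net src=10.0.0.15 dst=mail.stilltech.ro dport=587",
    "type=net src=10.0.0.25 dst=smtp.example.net dport=587",
    "type=net src=10.0.0.15 dst=www.example.com dport=443",
]

if __name__ == "__main__":
    for line, hits in scan(SAMPLE_LOG):
        print(line)
        for hit in hits:
            print("   ->", hit)
```

The exfil check matches on the extracted host first so that a hit on mail.stilltech.ro is reported as such rather than as generic endpoint SMTP; the generic rule still catches a rebuilt sample pointed at a different mailbox, since the stealer has to speak SMTP from the infected workstation either way.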

MITRE ATT&CK Matrix (ATT&CK v6)

Collection

  • Email Collection (T1114): 1 matching signature

Tasks