General

  • Target

    PO#43576300.exe

  • Size

    1.2MB

  • Sample

    221003-jptf5sfdcm

  • MD5

    f2e7ffb24a4bc32e9ab865eb9d87b882

  • SHA1

    6c6069001b11b2e828a599a42f823dfe38dc851b

  • SHA256

    f814f4fe8d450dc8cfc62cde57a5e4a2e72bb758f1c2d71f8483ab20315a571b

  • SHA512

    63c73c2885e35aba26d377e071ed6de3c3baebdf885ddd0c16a4f72bf5e7a308e6f670f445d4431931d325245f389fba71ddd96ff7471f01fdf5f5538520a543

  • SSDEEP

    12288:mDh0K4HTN1B2YpVDjhXGAmRnp4pTXlHpIL+6ADjWMitERWc:N8qj8Aop4p7le+6+iMFW

Malware Config

Extracted

  • Family

    snakekeylogger

  • C2

    https://api.telegram.org/bot5587666659:AAG8NrrXJQs__dhk8nLJBFOspz2my8OVpX0/sendMessage?chat_id=5569775004

Targets

    • Target

      PO#43576300.exe

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files, T1081 (3)

  • Collection

    Data from Local System, T1005 (3)

    Email Collection, T1114 (1)

Tasks