General

  • Target

    80B38EE96D32232549C5915D49F0C5917E578641DBA32462B82FBDB6424EC168

  • Size

    42KB

  • Sample

    221123-r1qhmaaa47

  • MD5

    66612228a35fc49664599ad813064ede

  • SHA1

    79babc7435f5d79360af86d82d741134d0a36555

  • SHA256

    80b38ee96d32232549c5915d49f0c5917e578641dba32462b82fbdb6424ec168

  • SHA512

    e8cebb5ecf152197c14705b6866148cef8e1c4a63b619886a5ac3105305b8529b44a6c9faa151a08b01e79cc87ce5030fea38fa7f904a11d81c6b4b42a929e00

  • SSDEEP

    768:0vM6xPMdoqAjQk6Bvp1j8VRQHJ+G+V2eEEzZ0EgpRRXwy8oKviOWtaq:h6pMdQjQDL1j8VRQO2XuZ5I4oWizaq

Targets

    • Target

      doggy test.exe

    • Size

      127KB

    • MD5

      d8f0a62e57cf4ab83ddb142795279709

    • SHA1

      fe323d2aad14923ec0db0d403d7d3c9e602f20ec

    • SHA256

      5522a18ba9169dbcf3eb6db2717749224444c7762ae6bdb954e119085ef38ce6

    • SHA512

      945c51ce6116668c7142d5af5065f30b550f1b233ee043b48ee7c290bfab1ccc7448a2d470b847db230ce29b61e1c49e2927cb7fda3546aa93ae53eb58521a5d

    • SSDEEP

      3072:B09RC2M924nZ3ObhyBwG8b8ydl9wBIUKFbY:+CH9Rw3G8bjdVU+b

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
