General

  • Target

    addc1564d69b115e0cb5ff2264614c98dc51107f042e3ea0d93b99e49cf2e94b

  • Size

    731KB

  • Sample

    221129-xreyesbb2s

  • MD5

    cfc1c66cba07daef1e8ac13d5e042e7a

  • SHA1

    10451947894a7af9a06adc619179e00e933fb20a

  • SHA256

    addc1564d69b115e0cb5ff2264614c98dc51107f042e3ea0d93b99e49cf2e94b

  • SHA512

    40972496a2f5d3f2b2b408c90ef026a7c7df040f31af793da63406c37688278a40f011d28dca9c976c1d566fe28768643d374dae4f9e1967919ee87018492bd5

  • SSDEEP

    12288:WOvVmqjryPp7LCMYFx6sdzSEACiy4lCfUZ/4J8wRdd0/Ok9:5mqj0xEkyWCfUt4J8wDdo

Malware Config

Targets

    • Target

      addc1564d69b115e0cb5ff2264614c98dc51107f042e3ea0d93b99e49cf2e94b

    • Size

      731KB

    • MD5

      cfc1c66cba07daef1e8ac13d5e042e7a

    • SHA1

      10451947894a7af9a06adc619179e00e933fb20a

    • SHA256

      addc1564d69b115e0cb5ff2264614c98dc51107f042e3ea0d93b99e49cf2e94b

    • SHA512

      40972496a2f5d3f2b2b408c90ef026a7c7df040f31af793da63406c37688278a40f011d28dca9c976c1d566fe28768643d374dae4f9e1967919ee87018492bd5

    • SSDEEP

      12288:WOvVmqjryPp7LCMYFx6sdzSEACiy4lCfUZ/4J8wRdd0/Ok9:5mqj0xEkyWCfUt4J8wDdo

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

3
T1081

Collection

Data from Local System

3
T1005

Email Collection

1
T1114

Tasks