General

  • Target

    e15b286f87699f605f729fe3e19eb086.exe

  • Size

    829KB

  • Sample

    221223-g5224sbb61

  • MD5

    e15b286f87699f605f729fe3e19eb086

  • SHA1

    9553fcfd2f8a02499cf18478986c2a37efe6dd01

  • SHA256

    622cc8e52c54af2da4ff1c114f71c6949b3d0f900c83931a9141bc7f91937166

  • SHA512

    b9d42a8b4b7300ba06ce6d00d84caeb8dfd4e8b3dddae92794f35528b165111342b8b05250eeacdeccba9c149b349d20b7d1073d13d98eee9ce9c50b470f0ba7

  • SSDEEP

    24576:ynFdELpCybniAU6nrhXOLX1OYCJYZE3QbkAc7QH80:4FdELpCybniAU6rhXOZvCJcE3Qbkf

Malware Config

Extracted

Family

snakekeylogger

Credentials

Targets

    • Target

      e15b286f87699f605f729fe3e19eb086.exe

    • Size

      829KB

    • MD5

      e15b286f87699f605f729fe3e19eb086

    • SHA1

      9553fcfd2f8a02499cf18478986c2a37efe6dd01

    • SHA256

      622cc8e52c54af2da4ff1c114f71c6949b3d0f900c83931a9141bc7f91937166

    • SHA512

      b9d42a8b4b7300ba06ce6d00d84caeb8dfd4e8b3dddae92794f35528b165111342b8b05250eeacdeccba9c149b349d20b7d1073d13d98eee9ce9c50b470f0ba7

    • SSDEEP

      24576:ynFdELpCybniAU6nrhXOLX1OYCJYZE3QbkAc7QH80:4FdELpCybniAU6rhXOZvCJcE3Qbkf

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks