Overview

overview

10

Static

static

10

0014c57bfd...3b.exe

windows10-1703-x64

10

0014c57bfd...3b.exe

windows10-2004-x64

10

660e3fcc23...81.exe

windows10-1703-x64

7

660e3fcc23...81.exe

windows10-2004-x64

7

9dc5600bed...30.exe

windows10-1703-x64

10

9dc5600bed...30.exe

windows10-2004-x64

10

Acwpn.exe

windows10-1703-x64

10

Acwpn.exe

windows10-2004-x64

7

DHL SHIPPI...DF.exe

windows10-1703-x64

10

DHL SHIPPI...DF.exe

windows10-2004-x64

10

Halkbank_E...f..exe

windows10-1703-x64

10

Halkbank_E...f..exe

windows10-2004-x64

10

INVOICEXAN...LS.rtf

windows10-1703-x64

1

INVOICEXAN...LS.rtf

windows10-2004-x64

1

Maersk Shi...cs.exe

windows10-1703-x64

10

Maersk Shi...cs.exe

windows10-2004-x64

10

ORDER INQU...01.exe

windows10-1703-x64

10

ORDER INQU...01.exe

windows10-2004-x64

10

PO-8372929.xls

windows10-1703-x64

1

PO-8372929.xls

windows10-2004-x64

1

QUOTATION 1.rtf

windows10-1703-x64

1

QUOTATION 1.rtf

windows10-2004-x64

1

Quotation.rtf

windows10-1703-x64

1

Quotation.rtf

windows10-2004-x64

1

e1cf593726...1b.exe

windows10-1703-x64

10

e1cf593726...1b.exe

windows10-2004-x64

10

macintosh.xlsx

windows10-1703-x64

1

macintosh.xlsx

windows10-2004-x64

1

Resubmissions

01-02-2023 17:02

230201-vj6p3aah39 10

01-02-2023 17:00

230201-vjf5eacg4s 10

01-02-2023 16:57

230201-vgbrxacg2y 10

Analysis

  • max time kernel
    363s
  • max time network
    426s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    01-02-2023 17:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0014c57bfd62d2929bbad91d67b77c3b.exe

  • Size

    152KB

  • MD5

    0014c57bfd62d2929bbad91d67b77c3b

  • SHA1

    769f34b854bdd2a4eeb7d09f9bbe9177beae0ad4

  • SHA256

    c406f839b93838e2a8a4d1b0fd0b2b498576bc947ea71f0786d6f16a6b98b945

  • SHA512

    1e8ad11bd0b50de61c25623b79f6b2ccbe1e857f9172df86122cd0a94c472a1b32fc738e9389e491523e8520b0a5db844e039ae520791576869803a3fa351797

  • SSDEEP

    1536:SAgzEJRCRjTZ13uJjuBYHj0I+vBUFrlYYLDkrwsDQau8IzR+MFq9eQbb/UUcGSiL:SAgAEzoHj/LDdJwb8UcGSQwBj2iFbY

Score
10/10
snakekeyloggercollectionkeyloggerspywarestealer

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot5801425382:AAG5b4PUEaqNDv5uP9ejZGeIHeuzzOD4IHY/sendMessage?chat_id=5812329204

Signatures

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger
  • Snake Keylogger payload 1 IoCs
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer
  • Reads user/profile data of local email clients 2 TTPs

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
    collection
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0014c57bfd62d2929bbad91d67b77c3b.exe
    "C:\Users\Admin\AppData\Local\Temp\0014c57bfd62d2929bbad91d67b77c3b.exe"
    1⤵
    • Accesses Microsoft Outlook profiles
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • outlook_office_path
    • outlook_win_path
    PID:4776

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4776-120-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-121-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-122-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-123-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-124-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-125-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-126-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-127-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-128-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-129-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-130-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-131-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-133-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-134-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-132-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-135-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-136-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-137-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-139-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-140-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-138-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-143-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-142-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-141-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-144-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-145-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-146-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-147-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-148-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-149-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-150-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-151-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-152-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-153-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-154-0x0000000000460000-0x0000000000486000-memory.dmp

    Filesize

    152KB

    Download

  • memory/4776-155-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-156-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-157-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-158-0x00000000052A0000-0x000000000579E000-memory.dmp

    Filesize

    5.0MB

    Download

  • memory/4776-159-0x0000000004CB0000-0x0000000004D4C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/4776-160-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-161-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-165-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-166-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-168-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-167-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-164-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-163-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-169-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-162-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-170-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-171-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-172-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-173-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-174-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-175-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-176-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-177-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-179-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-180-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-183-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-185-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-184-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-186-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-182-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-181-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-178-0x00000000776F0000-0x000000007787E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4776-191-0x0000000005F00000-0x00000000060C2000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/4776-192-0x0000000005DD0000-0x0000000005E62000-memory.dmp

    Filesize

    584KB

    Download

  • memory/4776-195-0x0000000005D70000-0x0000000005D7A000-memory.dmp

    Filesize

    40KB

    Download