Overview

overview

10

Static

static

3

INS Rem Cr...py.exe

windows7-x64

10

INS Rem Cr...py.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    INS Rem CrdT TT copy.rar

  • Size

    525KB

  • Sample

    230502-xzhdhsea4s

  • MD5

    f501bd428377b0409f3c19b0be19643c

  • SHA1

    d1b655aa1237992853ddb3dc8feb7a24a5cc6b10

  • SHA256

    70d07397898f5f1ff1151749648c1208019f139a4f2a242a0e5759a4a8b5c8fe

  • SHA512

    50db8d03751f38544500be34e8f6bcb6b904a61a25a7cf0002d279d240ca5bee7a1a69832b5b6afba88465a3b91fb0229e8aec5eb7ff64cc56d793840384dd46

  • SSDEEP

    12288:SbSrFv7AWZ2lPCNbjQZO4lhPXchLgekSIICsU4O7XLATfxh:SbS6WmP9Z3HvcCjSIICs5OrLAh

Score
10/10
snakekeyloggerstormkittycollectionkeyloggerspywarestealer

Malware Config

Extracted

Family

snakekeylogger

Credentials

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    mail.bulktz.com.ng
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    u%i2}{;Ma.sv

Targets

    • Target

      INS Rem CrdT TT copy.exe

    • Size

      780KB

    • MD5

      9f9d2eeb4c55962e4771fed02a66ac89

    • SHA1

      1fc000f01ad7c8c55883aaeaceab5bbc5ef3fd77

    • SHA256

      91af5b7dfb0cba2f5a7b77d317adb7fac20692d9f759127ecbd780e23fc4673d

    • SHA512

      6624323775640a844729872e047dff32a7bb6cba6ba2cc801978ab327e1d4c6f0dc4228eb2ca8b8e71df56ce3732621d04cf9c69746f947ec9dbe9304898278c

    • SSDEEP

      12288:DC9PC6YN1Pg+70pKXQlIj5g15BL980v/J11paGdyAwFqJATUR5AzFu9:b5g1z98qZpaGIAAqApu9

    Score
    10/10
    snakekeyloggerstormkittycollectionkeyloggerspywarestealer

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

      stealerkeyloggersnakekeylogger

    • Snake Keylogger payload

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks