General

  • Target

    c6420a8447c3f86b047b16a83e1e63b4.exe

  • Size

    126KB

  • Sample

    230505-r1kx5sba99

  • MD5

    c6420a8447c3f86b047b16a83e1e63b4

  • SHA1

    c25c1cdc71b646f6948e556c3360e88f4b246514

  • SHA256

    8a49431fd4fd9885e25e9cebac5d65cc87d4de950165b5935c9faa642d28b812

  • SHA512

    c812da990bf127cd3c18dea75799a6a4ea62d2d13c08bf8ff8b9a54a3892215307ffc6f8f14e92fa77ee1c70ede3b19c405cf55943b384513be20d5b80049517

  • SSDEEP

    3072:bJR6rIkQMsvS4nnK0eOybYlvMHfBBuFbY:GUtdn3eNbYv6ab

Malware Config

Extracted

Family

snakekeylogger

Credentials

Extracted

  • Protocol:
    smtp
  • Host:
    mail.condominioaocubo.pt
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Qualidade.c3.2018

Targets

    • Target

      c6420a8447c3f86b047b16a83e1e63b4.exe

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser data, which can include saved credentials, cookies and autofill entries.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
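The extracted SMTP configuration (host mail.condominioaocubo.pt, port 587) and the external-IP lookup behaviour above are the two network artefacts a defender can act on. The script below is an added example, not part of the sandbox report: it turns the extracted exfil host into a Suricata DNS rule and runs a small correlation over Zeek JSON log records to flag the DNS resolution of the exfil host, TCP connections to the address it resolved to on the configured port, and cleartext requests to IP-lookup services. The log lines are constructed for the example. The list of IP-lookup hostnames and the local rule SID are assumptions of the example; the report only states that "a legitimate IP lookup service" is used and does not name it.

```python
"""Operationalise the sandbox-extracted Snake Keylogger SMTP exfil config.

Added example, not code from the report or the malware. Converts the
"Extracted Credentials" host/port into a Suricata DNS rule and correlates
Zeek dns/conn/http records to flag exfiltration attempts and IP lookups.
"""
import json
from typing import Iterable

# Values taken from the report's "Extracted Credentials" block.
EXFIL_CONFIG = {"protocol": "smtp", "host": "mail.condominioaocubo.pt", "port": 587}

# Assumption of this example: the report does not name the lookup service.
# These are hostnames commonly abused by stealers to learn the victim's IP.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "ipinfo.io", "icanhazip.com"}

# Local-rule SID range (1000000+) is a Suricata convention, not a report value.
LOCAL_SID = 1000001

# Constructed Zeek JSON-format log lines (not from the report). Host 10.0.0.23
# resolves the exfil host, connects to it on 587 and queries an IP-lookup
# service; host 10.0.0.40 does ordinary mail submission and web browsing.
SAMPLE_LOGS = """
{"_path":"dns","ts":1683300001.1,"id.orig_h":"10.0.0.23","query":"mail.condominioaocubo.pt","qtype_name":"A","answers":["198.51.100.17"]}
{"_path":"dns","ts":1683300001.2,"id.orig_h":"10.0.0.23","query":"updates.example.net","qtype_name":"A","answers":["203.0.113.9"]}
{"_path":"conn","ts":1683300002.0,"id.orig_h":"10.0.0.23","id.resp_h":"198.51.100.17","id.resp_p":587,"proto":"tcp","service":"smtp"}
{"_path":"conn","ts":1683300002.5,"id.orig_h":"10.0.0.23","id.resp_h":"203.0.113.9","id.resp_p":443,"proto":"tcp","service":"ssl"}
{"_path":"conn","ts":1683300003.0,"id.orig_h":"10.0.0.40","id.resp_h":"192.0.2.80","id.resp_p":587,"proto":"tcp","service":"smtp"}
{"_path":"http","ts":1683300000.5,"id.orig_h":"10.0.0.23","host":"checkip.dyndns.org","method":"GET","uri":"/"}
{"_path":"http","ts":1683300004.0,"id.orig_h":"10.0.0.40","host":"www.example.com","method":"GET","uri":"/index.html"}
not json
"""


def suricata_dns_rule(cfg: dict = EXFIL_CONFIG, sid: int = LOCAL_SID) -> str:
    """Build a DNS-query rule for the exfil mail host.

    Port 587 normally upgrades to TLS via STARTTLS, so the SMTP AUTH exchange
    is not visible on the wire; the DNS lookup of the mail host is the
    reliable cleartext artefact to key on.
    """
    return (
        f'alert dns $HOME_NET any -> any any (msg:"Snake Keylogger SMTP exfil host '
        f'{cfg["host"]} resolved"; dns.query; content:"{cfg["host"]}"; nocase; '
        f'classtype:trojan-activity; sid:{sid}; rev:1;)'
    )


def parse_zeek_json(lines: Iterable[str]) -> list[dict]:
    """Parse Zeek JSON log lines, skipping blank or malformed ones."""
    records = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return records


def detect(records: list[dict], cfg: dict = EXFIL_CONFIG) -> dict[str, list[dict]]:
    """Return matching records grouped by finding."""
    hits: dict[str, list[dict]] = {"exfil_dns": [], "exfil_conn": [], "ip_lookup": []}
    host = cfg["host"].lower()

    # Pass 1: learn which addresses the exfil host resolved to. Zeek conn
    # records carry IPs, not names, so this is what lets us match them.
    exfil_ips: set[str] = set()
    for r in records:
        if r.get("_path") == "dns" and r.get("query", "").lower() == host:
            hits["exfil_dns"].append(r)
            exfil_ips.update(r.get("answers", []))

    # Pass 2: connections to those addresses on the configured port, and
    # DNS/HTTP activity towards IP-lookup services.
    for r in records:
        path = r.get("_path")
        if path == "conn":
            # Port alone would fire on every legitimate mail submission;
            # require the resolved exfil address as well.
            if (r.get("proto") == "tcp" and r.get("id.resp_p") == cfg["port"]
                    and r.get("id.resp_h") in exfil_ips):
                hits["exfil_conn"].append(r)
        elif path in ("http", "dns"):
            name = (r.get("host") or r.get("query") or "").lower()
            if name in IP_LOOKUP_HOSTS:
                hits["ip_lookup"].append(r)
    return hits


def affected_hosts(hits: dict[str, list[dict]]) -> list[str]:
    """Sorted internal source addresses that triggered any finding."""
    return sorted({r["id.orig_h"] for group in hits.values() for r in group})


if __name__ == "__main__":
    print(suricata_dns_rule())
    found = detect(parse_zeek_json(SAMPLE_LOGS.splitlines()))
    for finding, recs in found.items():
        print(f"{finding}: {len(recs)} record(s)")
    print("hosts to triage:", affected_hosts(found))
```

The conn-to-DNS correlation is the part worth copying: 10.0.0.40's submission to 192.0.2.80:587 is not flagged because that address never came back from a lookup of the exfil host. Two caveats for anyone acting on this report: the username and password belong to the attacker's collection mailbox (whether attacker-registered or a compromised legitimate account is not something the report establishes), so they are for blocking at the mail gateway and for an abuse notification to the domain operator, not for logging in; and because port 587 is STARTTLS, look for the exfil in DNS and connection metadata rather than in SMTP payload content.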

MITRE ATT&CK Enterprise v6

Tasks