General

  • Target

    b96706157a1d93dda7d037753161f1f0.exe

  • Size

    128KB

  • Sample

    230505-xwt8xaae81

  • MD5

    b96706157a1d93dda7d037753161f1f0

  • SHA1

    1ec4e8dbec4c4d593de40c8a3fbc7ab819894c59

  • SHA256

    379e369213c375ca8d627d44578fb2bac555cc650b20bb24850344ebe3df51d3

  • SHA512

    6bb26ebc98f53b028e557254f46eab4248092619a980b3ff71c68958aa44f0fa6dc37ba325f4a635a2a8bef9b26980520c929c3e1c4e65ebb985ac76173ed410

  • SSDEEP

    1536:FJR6g1Z2Mx7km4THQ6822uS9tAnRpzvevwWRcIbKuJXbMf9piO5BKDF0Kcl:FJR6rIQ23AnRpzC5RnbfqfHfBKDFbY

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol:
    smtp
  • Host:
    mail.condominioaocubo.pt
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Qualidade.c3.2018

Targets

    • Target

      b96706157a1d93dda7d037753161f1f0.exe

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks