General

  • Target

    VBGV76.rar

  • Size

    132KB

  • Sample

    230510-h54flsgf6v

  • MD5

    22a6fafd31505d2cc61518859a8aa2fa

  • SHA1

    b040d20e4df16ccbdeeb1536ab18a69f6e8ed2e7

  • SHA256

    70c336dd30227d3f33a38646f5e5944183586c3d69473b393d9ba31c1308f107

  • SHA512

    01541d7a8ea893b2270d10c33b6abf2a43b3dd566c28b6b6e60a57616c7efc2a875162c69ecb0281a7c1c6fd4d43b67da9a1fc627231452fa72e3b4c00e374cd

  • SSDEEP

    3072:pBfvI+M21Ll/9mgDtauZvQM294EF5l5HGyt214Fo0TEma6r/jsxowrz:pBfvgOF9haiQMNE55rM0Tha6LgLz

Malware Config

Extracted

  • Family

    snakekeylogger

  • Credentials

  • Protocol:
    smtp
  • Host:
    mail.bulktz.com.ng
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    u%i2}{;Ma.sv

Targets

    • Target

      VBGV76.exe

    • Size

      153KB

    • MD5

      131918d781ea54849c1b303c9761cdda

    • SHA1

      08ccefda3873d5b6c37c463cf7405922f54a345c

    • SHA256

      769294c8432281947d6123baee322d195bd0a8a88c89fce1aca8762dc1ec3e73

    • SHA512

      31e2041ce40d1cf33cbaf61d043d11d1be82e0a28b3e043cf63bb950ffa6be6bef1b5e50eed41ac0f3459613f3e56fbf7a12a6fa227e04544571cca5272e55b0

    • SSDEEP

      3072:DlLM0l+Q/znsDUnAANPDB9h/WyERzj25q+kbj6LuT2CfUpvZInr3tSEvJrUkNWMN:Dl40X/L5NPDF6R+5q+kbjMu6CfUtZIrD

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
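The indicators above are only useful if they can be checked against files and traffic from your own environment. The following is an added triage helper, not part of the sandbox output or of any tool the report describes. It streams a file through MD5, SHA-1, SHA-256 and SHA-512 in one pass and matches the result against the archive and payload hashes listed in this report, and it scans connection-log lines for traffic to the extracted SMTP exfiltration endpoint (mail.bulktz.com.ng, port 587). The log format it parses is a constructed, whitespace-separated "timestamp source destination port protocol" line, not any vendor's native format; the SMTP username is not reproduced because the report shows it redacted.

```python
"""Triage helper for this report's indicators (added example, not sandbox output).

1. Hash a file once with all four algorithms the report lists and match it
   against the VBGV76.rar / VBGV76.exe hashes.
2. Flag connection-log lines that reach the extracted SMTP exfil endpoint.
"""
import hashlib
import sys
from typing import Dict, List, Optional

# Hashes copied from the report above (container archive and dropped payload).
IOC_HASHES: Dict[str, Dict[str, str]] = {
    "VBGV76.rar": {
        "md5": "22a6fafd31505d2cc61518859a8aa2fa",
        "sha1": "b040d20e4df16ccbdeeb1536ab18a69f6e8ed2e7",
        "sha256": "70c336dd30227d3f33a38646f5e5944183586c3d69473b393d9ba31c1308f107",
        "sha512": "01541d7a8ea893b2270d10c33b6abf2a43b3dd566c28b6b6e60a57616c7efc2a"
                  "875162c69ecb0281a7c1c6fd4d43b67da9a1fc627231452fa72e3b4c00e374cd",
    },
    "VBGV76.exe": {
        "md5": "131918d781ea54849c1b303c9761cdda",
        "sha1": "08ccefda3873d5b6c37c463cf7405922f54a345c",
        "sha256": "769294c8432281947d6123baee322d195bd0a8a88c89fce1aca8762dc1ec3e73",
        "sha512": "31e2041ce40d1cf33cbaf61d043d11d1be82e0a28b3e043cf63bb950ffa6be6b"
                  "ef1b5e50eed41ac0f3459613f3e56fbf7a12a6fa227e04544571cca5272e55b0",
    },
}

# SMTP exfiltration endpoint from the extracted malware config.
EXFIL_HOST = "mail.bulktz.com.ng"
EXFIL_PORT = 587

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Lowercase hex digests of an in-memory buffer for all four algorithms."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def hash_file(path: str, chunk: int = 1 << 20) -> Dict[str, str]:
    """Stream a file through all four hashers at once: one read, four digests."""
    hashers = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def match_iocs(digests: Dict[str, str]) -> Optional[str]:
    """Return the report target whose hashes match, else None.

    Any single algorithm hit flags the file; the stronger algorithms are
    compared first so the reason for a hit is the most trustworthy one."""
    for target, known in IOC_HASHES.items():
        for alg in ("sha512", "sha256", "sha1", "md5"):
            if alg in digests and digests[alg].lower() == known[alg]:
                return target
    return None


def scan_conn_log(lines: List[str]) -> List[Dict[str, str]]:
    """Flag connections to the exfil host:port.

    Each line is the constructed format 'ts src dst dport proto'; malformed
    lines are skipped rather than raising, and host matching is case-insensitive."""
    hits: List[Dict[str, str]] = []
    for line in lines:
        parts = line.split()
        if len(parts) != 5 or not parts[3].isdigit():
            continue
        ts, src, dst, dport, proto = parts
        if dst.lower() == EXFIL_HOST and int(dport) == EXFIL_PORT:
            hits.append({"ts": ts, "src": src, "dst": dst, "dport": dport, "proto": proto})
    return hits


# Constructed sample log lines (not from the sandbox run).
SAMPLE_LOG = [
    "2023-05-10T08:12:01Z 10.0.0.23 mail.bulktz.com.ng 587 tcp",
    "2023-05-10T08:12:03Z 10.0.0.23 update.example.net 443 tcp",
    "2023-05-10T08:13:10Z 10.0.0.45 MAIL.BULKTZ.COM.NG 587 tcp",
    "not a well-formed line",
]

if __name__ == "__main__":
    for path in sys.argv[1:]:
        print(path, match_iocs(hash_file(path)) or "no match")
    for hit in scan_conn_log(SAMPLE_LOG):
        print("exfil traffic:", hit)
```

Usage: `python triage.py suspect.rar suspect.exe` prints which report target, if any, each file matches, then lists the sample log hits. Hash matching only catches this exact sample; for variants, pivot on the SMTP host and port, which the operator has to keep stable for exfiltration to work.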

MITRE ATT&CK Enterprise v6

Tasks