General

  • Target

    SKM90882023.exe

  • Size

    938KB

  • Sample

    230512-g26acsca73

  • MD5

    0d0bedb51ff0892dd404bb734697b7c5

  • SHA1

    8f86ae0ba8a146c1f752b5a852f1a8b244178fbc

  • SHA256

    3b16426b7fffcd105a82ef228ea3abda230fe89dfb1c4be3ba57c3573da56831

  • SHA512

    303730a5b90f45a4f7e0777f5a3dbfa4be6ce3ab16ff02571751c335a8c1faea0b1bc68d556e3303ae3594a7d7e7ca47ecef9f32d106858f8b8bf76768ce8eac

  • SSDEEP

    24576:+whh2UGpldavC4dgiqbZQOrXwLfaJKd0aQNN+Fh/X:g+q4XqVtXhwdONN+FZ

Targets

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store account settings and saved credentials on disk, where infostealers commonly harvest them.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.

    • Accesses Microsoft Outlook profiles

      Outlook keeps per-profile account configuration in the registry under HKCU\Software\Microsoft\Office\<version>\Outlook\Profiles, a common target for credential theft.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      SetThreadContext overwrites the register state (including the instruction pointer) of a suspended thread. Legitimate software rarely calls it; process hollowing and other injection techniques use it to redirect a thread into injected code before resuming it.
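
The behavioural signatures above are what a sandbox reports; the example below shows how to turn them into detection logic and how to check a file against the hashes listed in this report. It is an added example, not part of the sandbox report or of Snake Keylogger itself. Only the hashes, the FileZilla and Outlook references and the SetThreadContext call come from the report; the concrete file paths, registry key, IP-lookup hostnames, the hit threshold and the telemetry events are constructed assumptions.

```python
"""Triage helper: match sandbox-style telemetry against the Snake Keylogger
behavioural signatures in the report, and check a file against the reported
hashes.  Added example; the telemetry below is constructed, not captured."""
import hashlib
import re
from collections import defaultdict

# Digests copied from the report above (static IOCs).
REPORTED_HASHES = {
    "md5": "0d0bedb51ff0892dd404bb734697b7c5",
    "sha1": "8f86ae0ba8a146c1f752b5a852f1a8b244178fbc",
    "sha256": "3b16426b7fffcd105a82ef228ea3abda230fe89dfb1c4be3ba57c3573da56831",
    "sha512": "303730a5b90f45a4f7e0777f5a3dbfa4be6ce3ab16ff02571751c335a8c1faea"
              "0b1bc68d556e3303ae3594a7d7e7ca47ecef9f32d106858f8b8bf76768ce8eac",
}

# (signature name from the report, event type, regex over the event detail).
# The paths, registry key and hostnames are assumptions: well-known locations
# for each category, not values taken from the report.
SIGNATURES = [
    ("Reads data files stored by FTP clients", "file_read",
     r"\\FileZilla\\(recentservers|sitemanager|filezilla)\.xml$"),
    ("Reads user/profile data of local email clients", "file_read",
     r"\\(Thunderbird|Postbox)\\Profiles\\.*\\(logins\.json|key[34]\.db|signons\.sqlite)$"),
    ("Reads user/profile data of web browsers", "file_read",
     r"\\User Data\\.*\\(Login Data|Cookies|Web Data)$"
     r"|\\Mozilla\\Firefox\\Profiles\\.*\\(logins\.json|cookies\.sqlite)$"),
    ("Accesses Microsoft Outlook profiles", "reg_read",
     r"\\Software\\Microsoft\\Office\\\d+\.0\\Outlook\\Profiles\\"),
    ("Looks up external IP address via web service", "http_get",
     r"^https?://(checkip\.dyndns\.org|api\.ipify\.org|ipinfo\.io|icanhazip\.com)/"),
    ("Suspicious use of SetThreadContext", "api_call", r"^SetThreadContext$"),
]

# Constructed telemetry: (event type, process image, detail).
EVENTS = [
    ("file_read", "SKM90882023.exe",
     r"C:\Users\victim\AppData\Roaming\FileZilla\recentservers.xml"),
    ("file_read", "SKM90882023.exe",
     r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("file_read", "SKM90882023.exe",
     r"C:\Users\victim\AppData\Roaming\Thunderbird\Profiles\abc.default\logins.json"),
    ("reg_read", "SKM90882023.exe",
     r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"),
    ("http_get", "SKM90882023.exe", "http://checkip.dyndns.org/"),
    ("api_call", "SKM90882023.exe", "SetThreadContext"),
    ("api_call", "SKM90882023.exe", "ResumeThread"),
    ("file_read", "explorer.exe", r"C:\Windows\System32\shell32.dll"),  # benign noise
]


def match_signatures(events):
    """Map each process to the set of report signatures its events trigger."""
    hits = defaultdict(set)
    for etype, proc, detail in events:
        for name, sig_type, pattern in SIGNATURES:
            if etype == sig_type and re.search(pattern, detail, re.IGNORECASE):
                hits[proc].add(name)
    return dict(hits)


def triage(events, min_hits=3):
    """Processes that trip at least min_hits distinct signatures.

    A single hit (an IP lookup, say) is weak on its own; the threshold of 3
    is an assumption chosen to require several infostealer behaviours."""
    return {proc: sorted(names)
            for proc, names in match_signatures(events).items()
            if len(names) >= min_hits}


def hash_matches(data: bytes):
    """Names of the reported digests that the given file bytes reproduce."""
    return sorted(alg for alg, digest in REPORTED_HASHES.items()
                  if hashlib.new(alg, data).hexdigest() == digest)


if __name__ == "__main__":
    for proc, names in triage(EVENTS).items():
        print(proc)
        for name in names:
            print("  -", name)
    print("hash IOC matches for empty input:", hash_matches(b""))
```

In real use the events would come from a Sysmon or sandbox export and the file bytes from the sample under review; the constructed process trips all six signatures while explorer.exe trips none, which is the separation the threshold relies on.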
