General

  • Target

    Swift Cfoc 00109839.zip

  • Size

    476KB

  • Sample

    230519-jspblafe5s

  • MD5

    60f1d7ec562490c276e0b9a8ee392ce9

  • SHA1

    9b1893dabc419c1e5c7272e7087df175f498f5ea

  • SHA256

    5671e8620e226434a8fb98ffcf9f9ea1483c809b774f532453d650a412795cd4

  • SHA512

    af4adb2ba3680c181f0cdcae49a940b4b3f6336d78a532adb81ad1c78d028b559aa940bdab27e528282d83d28e4ebc9278cd3525f356e9a33c53e8a6cec3a25b

  • SSDEEP

    12288:Pqs9T1guN7pTpyawZXNVrr7hpZq3apq5ZLy6VncpW1OV3F8d:hhNFpJwZ7Fpq5ZLPVWW1eS

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol:
    smtp
  • Host:
    valleycountysar.org
  • Port:
    26
  • Username:
    [email protected]
  • Password:
    *3[[5%uK*Zph

Targets

    • Target

      Cfoc 00109839.exe

    • Size

      651KB

    • MD5

      6cb10f53add5ee1bfbf0928c9a8412c9

    • SHA1

      32d9db653054f39c4af19d9cb45a092d42abed6b

    • SHA256

      a5daa13bcab440154c01d336ff4a9dbf4ff40ece572ce781557a47641fe01de4

    • SHA512

      b1e3b974ed653abd90b157a2c0045faba107e96e8677b370eb3c8452f04315368bc719a29c827698e1f6206710243a3b38b1faa72e92d7a1694739acc0f00cd5

    • SSDEEP

      12288:hqB6dwaYSON8lSEkw5PjRGJmGDpZS3apK5HjhTI61N7:hq0waqNAewtjRG9pK5HjhTI6X7

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks