Overview

overview

10

Static

static

3

SD0098654578000.exe

windows7-x64

10

SD0098654578000.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SD0098654578000.exe

  • Size

    239KB

  • Sample

    230602-k8fvtsag38

  • MD5

    5770029a5220d4815065acdd4cd9d610

  • SHA1

    1fe65c7fbc10c0ae57c3fa3dad0fc412571e7bfa

  • SHA256

    54933171115c3b98a0e26bfc0e2cb7b2d5e5affa1a99970980cc9bb9599329b3

  • SHA512

    acabf3b97e9bdcd4ef7553f2149e9cfb90e1d61f8b78a4d1145657c7f55fd7b1a150def5869b0d3da16b4e3fde361a5e492d12eaa6f1bc6ecbb8e86084be326a

  • SSDEEP

    6144:V9EfkK97Xtc5abtJINZzZLywEtVpisJv0HpESnMuVy:V9Efk+Xtt4zZLywGVBu+SM+

Score
10/10
snakekeyloggercollectionkeyloggerspywarestealer

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol:     smtp
  • Host:
    mail.sienkakupeste.com
  • Port:
    587
  • Username:
    info@sienkakupeste.com
  • Password:
    010203sienka++
  • Email To:
    saleseuropower2@yandex.com

Targets

    • Target

      SD0098654578000.exe

    • Size

      239KB

    • MD5

      5770029a5220d4815065acdd4cd9d610

    • SHA1

      1fe65c7fbc10c0ae57c3fa3dad0fc412571e7bfa

    • SHA256

      54933171115c3b98a0e26bfc0e2cb7b2d5e5affa1a99970980cc9bb9599329b3

    • SHA512

      acabf3b97e9bdcd4ef7553f2149e9cfb90e1d61f8b78a4d1145657c7f55fd7b1a150def5869b0d3da16b4e3fde361a5e492d12eaa6f1bc6ecbb8e86084be326a

    • SSDEEP

      6144:V9EfkK97Xtc5abtJINZzZLywEtVpisJv0HpESnMuVy:V9Efk+Xtt4zZLywGVBu+SM+

    Score
    10/10
    snakekeyloggercollectionkeyloggerspywarestealer

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

      stealerkeyloggersnakekeylogger

    • Snake Keylogger payload

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Lateral Movement

Collection

Data from Local System

2
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks