General

  • Target

    Quote List-789000.exe

  • Size

    572KB

  • Sample

    230718-p2cbaaac86

  • MD5

    92116c2a95014e01082aecf0be665235

  • SHA1

    86c6e4262292efcaf5d340440a3d33e90911320b

  • SHA256

    810321f2b71adcaa676f764693491d2080735c29e509b2a546e32212a2c83ee1

  • SHA512

    dcb9a77be569fcfa47c4b082aa3c0346eb2c5943a66e5d56760e1a78f94fc182b1ae89bfdf0cc140a59e58276b54381bc85971449bdf7a6fb7a7cbaa1df11a44

  • SSDEEP

    12288:CmAY2kcdbL4EfmAGHmOxVtPOJDkirPITrdDWezLws:LN6GEfgOJLzITrF5E

Malware Config

Extracted

Family

snakekeylogger

Credentials

Targets

    • Target

      Quote List-789000.exe

    • Snake Keylogger

      Keylogger and infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
