General

  • Target

    IB_23071847557_attachment.exe

  • Size

    694KB

  • Sample

    230718-p2cbaaac87

  • MD5

    dee75e523ae85c613fe1cbf269de7e25

  • SHA1

    a6b79aec1ab2c19d303b82025515bdd8ea83d4d6

  • SHA256

    ea14e71e40ef5c0214b407a983fc0c540ccccbbde1a8479c55adabe286469589

  • SHA512

    2855444f118dfd1f0586b48d8544ca259249b8a9923f50a3a41d9f53e4e778593917c7f3fb25a8753b7a2da38879b3fe7930d444eaf32196ecd5978333909d0c

  • SSDEEP

    12288:Wf+bDv9BcW9RoIOfb/WT4UkuZOtFdMyvqSq51l2Xtt6A0VXpd5Rha5T+p1YP:WGn1BcW9RoIOfzW/ZO3b8cXtl0V5dFaf

Malware Config

Extracted

Family

snakekeylogger

Credentials

Targets

    • Target

      IB_23071847557_attachment.exe

    • Snake Keylogger

      Keylogger and infostealer, first seen in November 2020.

    • Snake Keylogger payload

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check so the payload can refuse to run in certain regions.

    • Reads user/profile data of local email clients

      Email clients store some user data (profiles, account settings, saved passwords) on disk, which infostealers commonly target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate, third-party IP lookup service to determine the infected system's external IP address.
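
    As an added example (not part of this sandbox report and not the sample's own code), the following Python classifies a constructed API-trace excerpt against the behaviours listed above, so the same triage can be repeated on another sample's trace. The trace lines, the process id and the victim paths are made up for the example; the registry and file locations are the standard ones for the named data stores (the country code under HKCU\Control Panel\International\Geo, Chrome's Login Data, Firefox's logins.json, Thunderbird profiles, Outlook profiles under HKCU\Software\Microsoft\Office\<version>\Outlook\Profiles), and the IP-lookup hostnames are a list of common services rather than the one this particular sample contacted, which the report does not name.

```python
"""Classify sandbox API-trace events against the Snake Keylogger behaviours
listed in the report above.

Added example: the trace below is constructed to resemble a generic one-event-
per-line export ("<pid>\t<operation>\t<argument>"); it is not the sample's real
trace. Paths are the well-known locations of the named data stores; the report
does not state which exact paths this sample touched.
"""
import re
from collections import defaultdict

# behaviour name (as in the report) -> (operations of interest, regex over the argument)
RULES = {
    "Checks computer location settings": (
        {"RegOpenKey", "RegQueryValue"},
        # Windows keeps the configured country (GeoID) under this value.
        re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I),
    ),
    "Reads user/profile data of web browsers": (
        {"CreateFile", "ReadFile"},
        # Chromium password store / Firefox password store and key database.
        re.compile(r"\\(Login Data|logins\.json|key4\.db|Web Data)$", re.I),
    ),
    "Reads user/profile data of local email clients": (
        {"CreateFile", "ReadFile", "FindFirstFile"},
        re.compile(r"\\(Thunderbird|Foxmail|Microsoft\\Outlook)\\", re.I),
    ),
    "Accesses Microsoft Outlook profiles": (
        {"RegOpenKey", "RegQueryValue", "RegEnumKey"},
        re.compile(r"\\Software\\Microsoft\\Office\\\d+\.0\\Outlook\\Profiles", re.I),
    ),
    "Looks up external IP address via web service": (
        {"DnsQuery", "HttpRequest"},
        # Assumed list of common public-IP lookup services (example hostnames).
        re.compile(r"^(https?://)?(checkip\.dyndns\.org|api\.ipify\.org|ip-api\.com|ipinfo\.io)\b", re.I),
    ),
}

# Constructed trace: one benign file open and one malformed line are included
# to show that unrelated events and export noise are ignored, not misclassified.
SAMPLE_TRACE = """\
1234\tRegOpenKey\tHKCU\\Control Panel\\International\\Geo
1234\tRegQueryValue\tHKCU\\Control Panel\\International\\Geo\\Nation
1234\tCreateFile\tC:\\Users\\victim\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data
1234\tCreateFile\tC:\\Users\\victim\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\abc.default\\logins.json
1234\tFindFirstFile\tC:\\Users\\victim\\AppData\\Roaming\\Thunderbird\\Profiles\\*
1234\tRegOpenKey\tHKCU\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook
1234\tDnsQuery\tcheckip.dyndns.org
1234\tHttpRequest\thttp://checkip.dyndns.org/
1234\tCreateFile\tC:\\Windows\\System32\\kernel32.dll
garbage line without tabs
""".splitlines(keepends=True)


def parse_event(line):
    """Split one trace line into (pid, operation, argument).

    Returns None for malformed lines so a noisy export does not abort the scan.
    """
    parts = line.rstrip("\r\n").split("\t")
    if len(parts) != 3:
        return None
    pid, op, arg = parts
    return pid, op, arg


def classify(lines):
    """Return {behaviour name: [matching arguments]} for every rule hit in the trace."""
    hits = defaultdict(list)
    for line in lines:
        event = parse_event(line)
        if event is None:
            continue
        _, op, arg = event
        for name, (ops, pattern) in RULES.items():
            if op in ops and pattern.search(arg):
                hits[name].append(arg)
    return dict(hits)


def behaviours_seen(lines):
    """Sorted list of report behaviours that the trace exhibits at least once."""
    return sorted(classify(lines))


if __name__ == "__main__":
    for name, args in classify(SAMPLE_TRACE).items():
        print(f"{name}:")
        for a in args:
            print(f"    {a}")
```

    Only the `Nation` value read is counted as the geofence check; opening the parent `Geo` key alone is not, which keeps ordinary locale lookups by benign software out of the hit list. Matching on both the DNS query and the HTTP request for the lookup host means the behaviour is still caught when one of the two layers is missing from an export.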

MITRE ATT&CK Enterprise v6

Tasks