General

  • Target

    CA0001758617120.exe

  • Size

    573KB

  • Sample

    230718-pz7z6sba8v

  • MD5

    47670e60734e3841f76167ffe1e135d3

  • SHA1

    7ad2880b7ba30938f4ddfdb610102bf5e3fa5fad

  • SHA256

    f11985ed8f09689544e4eee025a8526c59de67423874d4fb8a33b73da723edb9

  • SHA512

    72867bbe33250de4cdbb5acb31ebb7b07fe49d929a901b66b5077cc8f289194a92d8d40627b97a561517c0560940c9767e501162db9e7b032d78ebd13bc24155

  • SSDEEP

    12288:omAY2kcdbL4EfQVUsQ1dUUmFtP3uOnwlDMM7W3iGaC9hwpFTe/:NN6GEfjsQ1dUUwd3glDxcwpQ

Malware Config

Extracted

Family

snakekeylogger

Credentials

Targets

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, which infostealers often target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar data.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks