General

  • Target

    Quote List-20072023.exe

  • Size

    646KB

  • Sample

    230721-gjk7gach21

  • MD5

    a7cf29033f097beff4bc39dc0e77c45e

  • SHA1

    0451133dab0c64dbe9ae04842411a65d50cf1876

  • SHA256

    12c5352cc9750a19809c7d53b16d811ae93f96ba0326e5a3640e8ac5177d3f20

  • SHA512

    3632f7472c2381855dfe05dcdcb551aafd7c512b857a712a1a5ca53ccdb4f9eb2884a37f655d614645c0eb20f42d6b8a6832eabb77e26bf3847d5f9aa293fc64

  • SSDEEP

    12288:VBq7S6ln+flo/XciMv42gETW4+2W8w9kqhzGKS8zfUF2c0CUA8fEyHHXcy+:zqmTdCjE4Ji+2W8w9PhzGKSnF2fX5H37

Malware Config

Extracted

Family

snakekeylogger

Credentials

Targets

    • Target

      Quote List-20072023.exe


    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks