General

  • Target: EX895576850790.exe
  • Size: 771KB
  • Sample: 230722-j95pxaae51
  • MD5: 0bad4547541e72660bd3c12321e7d1e1
  • SHA1: 0fd44ffc3a003dbaed7b8f1043da1a954346ac03
  • SHA256: 67a03c34c684a2771205a064937b3d6ec088d751c46b6ca6f1b191c7143932cc
  • SHA512: dc7f6cc51939a2b43c64dabdafa3e7de249ec0d6801325954619dee7f92e5ed74654f53f49ae2cac55f79429d29c6f39e7db4da59c3c9049b6bdfba8a10d6e94
  • SSDEEP: 12288:8SjXmmsQnGHAax3wBHDHaaZbtVc1kTF2jNrgQ7EzG6sV:D7mmoHmHakrqY25rI

Malware Config

Extracted

Family: snakekeylogger

Credentials

Targets

    • Target: EX895576850790.exe

    • Snake Keylogger

      Keylogger and infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP address.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks