General

  • Target

    a18531a70b1cb63cc6aafae0220109c9.exe

  • Size

    420KB

  • Sample

    230801-mr8wdsfc49

  • MD5

    a18531a70b1cb63cc6aafae0220109c9

  • SHA1

    55d23deadcf9dd35419e317e6dbef569d7d761e1

  • SHA256

    4ea05268962825997751d50f975c217ee9e5cde265fefa4a5335ef2f39730852

  • SHA512

    e1f64379270dad155548389dfa8eb569882143a8704af309ecce434cd339b95c8161e04fb0ec030fececacc63d408643c65f8648e215f9310822e112c1708296

  • SSDEEP

    12288:D6A/Q6KbxBgxBi36bXQPiTbdrdR6DCpCr:D6sQ62426

Malware Config

Extracted

Family

snakekeylogger

Credentials

Targets

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
