General

  • Target

    3fe71522ce5f960304c80b97e6adb728.exe

  • Size

    354KB

  • Sample

    230802-kqevtaeg9y

  • MD5

    3fe71522ce5f960304c80b97e6adb728

  • SHA1

    0d9a69500e417e656bba786275cf71861d02413a

  • SHA256

    f8e0838f1c51682621b32897e221af4ea8248e880a48866de2793ca3dfd3527d

  • SHA512

    bf04ff89482b4e7beab39434e66e0f78ef1a5b3a15ed3b2cb9fd173352594eeb2dfd8031659b539f438542d3592df4b06f70ea394b76fdafba4e366679ba69f5

  • SSDEEP

    6144:Z6ejZRDQ+3HwOU2I6sm3Qtc0fROQNEm9nx9NfC67o0Qam4i:LkoU56sA0cBva9NK67o0QaI

Malware Config

  Extracted

  • Family

    snakekeylogger

  • Credentials

Targets

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
