General

  • Target

    0c9d6d9180321e740f823f4a5d5d356cefdf7211d264401a6ccc61fa3cd6728fexe_JC.exe

  • Size

    456KB

  • Sample

    230806-laqg2saa7s

  • MD5

    1ad7213fc35b76e52a5278afd382c8dc

  • SHA1

    4549bd31a3f09c8bc48bc763d3d2387b63bfe0b0

  • SHA256

    0c9d6d9180321e740f823f4a5d5d356cefdf7211d264401a6ccc61fa3cd6728f

  • SHA512

    09a33b0d959e832d9b6fc9c47e6f5d2642655714f63e88d2f23987c8314896b6bc7d590a1657b6deda27dc96eb081394b5d2c397d56d0b3fb8de36fc59a90b03

  • SSDEEP

    12288:NWHCM2K4CGcmpn4XkGtSDOidayNXODXC:n3CGv1LqPDX

Malware Config

Extracted

Family

snakekeylogger

Credentials

Targets

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks