General

  • Target

    fe2c051a9160b6207a186110b585a5b8.exe

  • Size

    609KB

  • Sample

    230806-p73enabf91

  • MD5

    fe2c051a9160b6207a186110b585a5b8

  • SHA1

    2b8b55fc8831150639c3dd3f531dd41cbec5408c

  • SHA256

    96a6df07b7d331cd6fb9f97e7d3f2162e56f03b7f2b7cdad58193ac1d778e025

  • SHA512

    b0d1dfdafcc7d9a9892b01a3ca22c2ff4ccbf9e4ed2c4567d9664210ee2f3e8bf4f7a8a229997d39189844d61b57e98d1543100bb7494c4bcf1ddf6bcbe1fdfe

  • SSDEEP

    12288:sJwCjrhy3QCS3hDCKzgLAq4dEBRdotb4qhObg6Qd4wlTVeoMbSn:EwCjrhy3QCSBzm44oF45H0bmO

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol:
    smtp
  • Host:
    mail.privateemail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    alibaba.com

Targets

    • Target

      fe2c051a9160b6207a186110b585a5b8.exe

    • Size

      609KB

    • MD5

      fe2c051a9160b6207a186110b585a5b8

    • SHA1

      2b8b55fc8831150639c3dd3f531dd41cbec5408c

    • SHA256

      96a6df07b7d331cd6fb9f97e7d3f2162e56f03b7f2b7cdad58193ac1d778e025

    • SHA512

      b0d1dfdafcc7d9a9892b01a3ca22c2ff4ccbf9e4ed2c4567d9664210ee2f3e8bf4f7a8a229997d39189844d61b57e98d1543100bb7494c4bcf1ddf6bcbe1fdfe

    • SSDEEP

      12288:sJwCjrhy3QCS3hDCKzgLAq4dEBRdotb4qhObg6Qd4wlTVeoMbSn:EwCjrhy3QCSBzm44oF45H0bmO

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • CustAttr .NET packer

      Detects CustAttr .NET packer in memory.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks