General

  • Target

    24af572a18b0c2490589745bc6466f3b.exe

  • Size

    474KB

  • Sample

    230807-qkv8hagg2y

  • MD5

    24af572a18b0c2490589745bc6466f3b

  • SHA1

    8c6064519e2ad1578741244a8d28ceb82983fbf7

  • SHA256

    fe24a322c4104ce6fb8bc6b3460907471c999d6c1c87567648575034d3b67b59

  • SHA512

    211a636b9772cdc441d3ff03be01d06b3bdf046dd41a1055c2c144e0e9a96377724501736b41efd28726b50e67e2e999476363b811d74331bb20835369a802cc

  • SSDEEP

    12288:Scv6ZS2MRXplCmrHLedAEXeRD4gbtVEpp1y:Scy42GXpwmrH6dAEX9bn1y

Malware Config

Extracted

Family

snakekeylogger

Credentials

Targets

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
