General

  • Target: 393aed486a97ea1b9bbfc044d6ce06cc01cf663fd2f49d1e47e2a8b01e008fe2
  • Size: 511KB
  • Sample: 231011-dbsd2acb43
  • MD5: c789c69457f884e168da807b7772aba5
  • SHA1: 6fbaf15ec67c7fe9183c662911ae3a6e61c4e016
  • SHA256: 393aed486a97ea1b9bbfc044d6ce06cc01cf663fd2f49d1e47e2a8b01e008fe2
  • SHA512: f72f32de71246397f7040162212ab3223099b6dfb4d3764084f175ee42d2f774a756c4c0b4a9fe68b4baee6640062c06c4da5cdb3f7701b794efb4ff08ea1fcc
  • SSDEEP: 12288:hgqARI9CjibXIPtElddSWDMBzNNevPlNixzEGCOObk34:hZARIQPtE7dIBzNNevdNWwGCOO4o

Malware Config

Extracted

  • Family: snakekeylogger
  • Credentials

Targets

    • Target: Request for Quotation -E23101031.exe
    • Size: 586KB
    • MD5: 3c37e9c7692acfbcd640098bf27b96e7
    • SHA1: 45351a864e8fc5bb40c0ded7f6cae5bb2c756d44
    • SHA256: f4126cc3a40b984f3b96ff7c372a7d97060d55c7394ea3f7fc9fae5f9ccb2554
    • SHA512: 704372aab2f61facb3fa00d3f503070987bf1d25a6db6aa64e434efe2da02c5757e697044276679d7175ac18ca78b5d0ecb40171724108e7d415f592383910ba
    • SSDEEP: 12288:Q5YX9KrQnZEtGI0IWwtIspPgX/SSONPMDn5yX6CPnDZ:pt5EQ7IrIMZSONED5yXvD

    • Snake Keylogger: keylogger and infostealer first seen in November 2020.
    • Snake Keylogger payload
    • Accesses Microsoft Outlook profiles
    • Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks