General

  • Target: cf89a03d499a9da3518a943bdaaf3f9a.bin
  • Size: 442KB
  • Sample: 231105-dm23lscb52
  • MD5: 549fc6e30c8196c835566875e88099e9
  • SHA1: ee2e914f73b78ccb7f5b7618826be3e6c903342d
  • SHA256: ee17941713be610733db7fe7fe5fae7bf2bcc3cc5dc5b9bba593c6d624dd631e
  • SHA512: 08cc94f88ea30a7bb3b6ae96bf2191bfd3ddecd9631162e68282da3ee52156601fe66ed5fe51d1649e7bbddb0ea340b469e098b1e06c9360063ec48fdeb45c0e
  • SSDEEP: 12288:m4AeEHXZyC0XF28yzXomWiDoL3GMGJwSadrXww9e:Z7EHXwYbXlsGNJdadrXG

Malware Config

Extracted

  • Family: snakekeylogger

Credentials

  • Protocol: smtp
  • Host: resultsurex.com
  • Port: 587
  • Username: [email protected]
  • Password: d()&nzU1tC3+

  • Protocol: ftp
  • Host: ftp://ftp.resultsurex.com/
  • Port: 21
  • Username: [email protected]
  • Password: [XH~0fB9c]@*

C2

https://api.telegram.org/bot6783929306:AAFJU35OkwjDMHKdR2FUDQELnw67_grsAts/sendMessage?chat_id=5986156290

Targets

    • Target: 8c366bddcc19d07924b953259274f43f30c9a70f726c70420f8a01e07a209734.exe
    • Size: 1.1MB
    • MD5: cf89a03d499a9da3518a943bdaaf3f9a
    • SHA1: f6e1db56f0a6a88a787920a56acbb2406b5fca2b
    • SHA256: 8c366bddcc19d07924b953259274f43f30c9a70f726c70420f8a01e07a209734
    • SHA512: 4c61ab6c7014a868a7f1568074c018e469a2a4af6428a7e40cb4370d07b7c083a4b710d0c5b2c6c7c8ac5224e8301705643b599c3159f521dd97540df61f84f4
    • SSDEEP: 24576:UfjHsVx69As4hkB/YAuseX7KvO1YAuJMi+sPV3GykDfMNVzCOgKIQtKoColK5dwL:CjHZ9AsQpAuserKvpAuJMi+sPV3GykDM

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
