Overview

overview

10

Static

static

3

113-14-11-23.exe

windows7-x64

10

113-14-11-23.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    935e863854e392a6d2af72632e9db26bc1b29d3c136d2f3fe4439b73d54c036a

  • Size

    479KB

  • Sample

    231114-dehn1agb8w

  • MD5

    9cd14e1678f1dcd7b4c0f5091f05a8ee

  • SHA1

    7bb85426fd9a514093abb61692255d2c4af3fb43

  • SHA256

    935e863854e392a6d2af72632e9db26bc1b29d3c136d2f3fe4439b73d54c036a

  • SHA512

    88527c02f64b217ee85dc11b186e53b1330fbacf66e849ac462d52f8316a09c5a389e08c35bea837368a96ed6428e1989b2911cba64575cc12a6d434ac8fc9ed

  • SSDEEP

    12288:2D+NIqDv7qNtNJrODOM7mcrcGuqWvIkC19fz2mHZRjkfYo2Wl:9vn+N0iGm2NWTC1EYpWl

Score
10/10
snakekeyloggercollectionkeyloggerspywarestealer

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol:     smtp
  • Host:
    mail.mct2.co.za
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    00000

Targets

    • Target

      113-14-11-23.exe

    • Size

      506KB

    • MD5

      670c97b70fccca905c87e3acdcc65358

    • SHA1

      674d8dc3316e451c4139073ba7fbb6b8692da907

    • SHA256

      dee9635e6bae8f84d02a7a406fa7c898663636ab647681143b288384442eadf3

    • SHA512

      a86a43a6836a64aa6e2fb2d75cc4261c6832b80d0ed8c0672b0becbb6cb4f6ac460004919a4dd7e3a67d08a53ae08ab32d1dd8b865e6683fc7d840e7cf30bfca

    • SSDEEP

      12288:ZVMcthmJZoIF7SITWFl+QKU4NwBwvNUVYZqWhvMVnzsYKttOfIIAFnSE:aoIF7SoktIgxWhDY8tKqS

    Score
    10/10
    snakekeyloggercollectionkeyloggerspywarestealer

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

      stealerkeyloggersnakekeylogger

    • Snake Keylogger payload

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks