General

  • Target

    2089a4afb0da3efaf21867d50cd455ae022bcfbbbec90d11f0d57a2ca70a2584.exe

  • Size

    622KB

  • Sample

    231203-mrtrgabf6w

  • MD5

    cf80494483e6127d218745b68baf5366

  • SHA1

    f473603a1c00d0c158cb337c0aea1a9246fa391a

  • SHA256

    2089a4afb0da3efaf21867d50cd455ae022bcfbbbec90d11f0d57a2ca70a2584

  • SHA512

    57345a9ae13d3f480b1989af5db3b2655b84d224c94bf899252b2d128b72f57c27ab14b8be996f1dadec0c0f99e009696130535e1f55eb5f3239b7544ea44f48

  • SSDEEP

    12288:fI8KNdiwMxa6jvZyWzDVByvHQT4vq93BOUm0TQfZ:AdiwbmJDVT39ROv0T

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.bhojwanindia.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    bombayoffice123

Extracted

Family

snakekeylogger

Credentials

  • Protocol:
    smtp
  • Host:
    mail.bhojwanindia.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    bombayoffice123

Targets

    • Target

      2089a4afb0da3efaf21867d50cd455ae022bcfbbbec90d11f0d57a2ca70a2584.exe

    • Size

      622KB

    • MD5

      cf80494483e6127d218745b68baf5366

    • SHA1

      f473603a1c00d0c158cb337c0aea1a9246fa391a

    • SHA256

      2089a4afb0da3efaf21867d50cd455ae022bcfbbbec90d11f0d57a2ca70a2584

    • SHA512

      57345a9ae13d3f480b1989af5db3b2655b84d224c94bf899252b2d128b72f57c27ab14b8be996f1dadec0c0f99e009696130535e1f55eb5f3239b7544ea44f48

    • SSDEEP

      12288:fI8KNdiwMxa6jvZyWzDVByvHQT4vq93BOUm0TQfZ:AdiwbmJDVT39ROv0T

    • Snake Keylogger

      Snake Keylogger is a .NET keylogger and infostealer first seen in November 2020. It harvests keystrokes, clipboard contents and saved credentials and sends them to an operator-controlled endpoint; for this sample that endpoint is the SMTP account in the extracted config above.

    • Snake Keylogger payload

    • Checks computer location settings

      Reads the country code configured in the registry (the user's geographic locale setting). This is most likely a geofence: the sample can refuse to run, or change behaviour, in selected countries.

    • Reads user/profile data of local email clients

      Email clients keep profile and credential stores on disk, and infostealers routinely read those files directly rather than going through the client.

    • Reads user/profile data of web browsers

      Infostealers target the browser's on-disk profile, which can include saved logins, cookies and autofill data.

    • Accesses Microsoft Outlook profiles

      Outlook account settings live in the per-user Office registry keys. A process other than Outlook reading those keys is a strong stealer indicator.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to learn the infected system's external IP, typically so it can be included in the stolen-data report. The lookup itself is ordinary web traffic, so it is a correlation point rather than an alert on its own.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread of another (usually freshly created, suspended) process is the hallmark of process hollowing: the caller replaces the target's image in memory and redirects the main thread to the injected code.
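
As an added example, not part of the sandbox report, the Python below turns the behaviours listed above and the SMTP exfil endpoint from the Malware Config section into detection logic and runs it over constructed telemetry. The event format, the process IDs and paths, the browser, Thunderbird and Outlook file and registry locations, and the list of IP-lookup hosts are assumptions for illustration; only mail.bhojwanindia.com on port 587 comes from the report (the SMTP username is redacted on the page, so it is not used).

```python
"""Added example (not the sandbox's code): match endpoint/network telemetry
against the behaviours this report attributes to the sample.

All events below are CONSTRUCTED. Paths, PIDs and the IP-lookup host list are
assumptions; only mail.bhojwanindia.com:587 is taken from the extracted config.
"""
from collections.abc import Callable
from dataclasses import dataclass

EXFIL_HOST = "mail.bhojwanindia.com"   # from the report's extracted config
EXFIL_PORT = 587

# Assumed list of public IP-lookup services; the report only says a web
# service is used, not which one.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "ip-api.com", "icanhazip.com"}


@dataclass
class Event:
    kind: str            # "registry" | "file" | "network" | "api"
    pid: int
    image: str           # full path of the acting process
    target: str          # registry key, file path, "host:port" or API name
    target_pid: int = 0  # for "api" events: process owning the touched thread


def _base(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def _geofence(e: Event) -> bool:
    return e.kind == "registry" and e.target.lower().endswith(
        "\\control panel\\international\\geo\\nation")


def _browser_data(e: Event) -> bool:
    p = e.target.lower()
    return e.kind == "file" and (
        ("\\google\\chrome\\user data\\" in p and _base(p) == "login data")
        or ("\\mozilla\\firefox\\profiles\\" in p and _base(p) == "logins.json"))


def _email_client_data(e: Event) -> bool:
    p = e.target.lower()
    return e.kind == "file" and "\\thunderbird\\profiles\\" in p and _base(p) in {"logins.json", "key4.db"}


def _outlook_profiles(e: Event) -> bool:
    # Outlook itself legitimately reads its own profile keys; flag other images only.
    return (e.kind == "registry" and "\\outlook\\profiles" in e.target.lower()
            and _base(e.image) != "outlook.exe")


def _external_ip(e: Event) -> bool:
    return e.kind == "network" and e.target.split(":")[0].lower() in IP_LOOKUP_HOSTS


def _set_thread_context(e: Event) -> bool:
    # Cross-process SetThreadContext is the hollowing tell; same-process use is normal.
    return e.kind == "api" and e.target == "SetThreadContext" and e.target_pid not in (0, e.pid)


def _exfil_endpoint(e: Event) -> bool:
    return e.kind == "network" and e.target.lower() == f"{EXFIL_HOST}:{EXFIL_PORT}"


# (signature name as the report phrases it, weight, predicate)
RULES: list[tuple[str, int, Callable[[Event], bool]]] = [
    ("Checks computer location settings", 1, _geofence),
    ("Reads user/profile data of web browsers", 2, _browser_data),
    ("Reads user/profile data of local email clients", 2, _email_client_data),
    ("Accesses Microsoft Outlook profiles", 2, _outlook_profiles),
    ("Looks up external IP address via web service", 1, _external_ip),
    ("Suspicious use of SetThreadContext", 3, _set_thread_context),
    ("Connects to extracted SMTP exfil endpoint", 5, _exfil_endpoint),
]


def match_signatures(events: list[Event]) -> dict[str, list[int]]:
    """Return {signature name: [indices of matching events]} for each rule that fired."""
    hits: dict[str, list[int]] = {}
    for i, e in enumerate(events):
        for name, _w, pred in RULES:
            if pred(e):
                hits.setdefault(name, []).append(i)
    return hits


def score(events: list[Event]) -> int:
    hits = match_signatures(events)
    return sum(w for name, w, _p in RULES if name in hits)


def verdict(events: list[Event], threshold: int = 6) -> str:
    """Contact with the known exfil endpoint alone is decisive; otherwise require
    several of the weaker behaviours to co-occur (weights summing to threshold)."""
    hits = match_signatures(events)
    if "Connects to extracted SMTP exfil endpoint" in hits or score(events) >= threshold:
        return "snakekeylogger-like"
    return "benign"


# Constructed telemetry: PID 4312 is the sample, PID 4400 its hollowed child,
# PID 2100 a legitimate Outlook that must not trigger the profile rule.
SAMPLE = r"C:\Users\victim\AppData\Local\Temp\2089a4afb0da3efaf21867d50cd455ae022bcfbbbec90d11f0d57a2ca70a2584.exe"
OUTLOOK = r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE"
CONSTRUCTED_EVENTS = [
    Event("registry", 4312, SAMPLE, r"HKCU\Control Panel\International\Geo\Nation"),
    Event("file", 4312, SAMPLE, r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    Event("file", 4312, SAMPLE, r"C:\Users\victim\AppData\Roaming\Thunderbird\Profiles\abcd1234.default\logins.json"),
    Event("registry", 4312, SAMPLE, r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"),
    Event("registry", 2100, OUTLOOK, r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"),
    Event("network", 4312, SAMPLE, "checkip.dyndns.org:80"),
    Event("api", 4312, SAMPLE, "SetThreadContext", target_pid=4400),
    Event("network", 4400, SAMPLE, f"{EXFIL_HOST}:{EXFIL_PORT}"),
    Event("network", 2100, OUTLOOK, "outlook.office365.com:443"),
]

if __name__ == "__main__":
    for name, idx in match_signatures(CONSTRUCTED_EVENTS).items():
        print(f"{name}: events {idx}")
    print("score:", score(CONSTRUCTED_EVENTS), "verdict:", verdict(CONSTRUCTED_EVENTS))
```

The exfil rule carries the highest weight because the host and port came out of the sample's own configuration, whereas the geofence check and the IP lookup also occur in legitimate software and are only meaningful in combination. Outlook reading its own profile keys is deliberately excluded so the rule does not fire on every mailbox open.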

MITRE ATT&CK Enterprise v15

Tasks