General

  • Target

    PR#6000570.exe

  • Size

    687KB

  • Sample

    231205-r75wwsca73

  • MD5

    77f9482eebf5738fa5794c156d521179

  • SHA1

    27412eb4675c9cbcc09e309b30667bfe724276a2

  • SHA256

    1868580d2be029a52f049250e2db5d3e54f300bd8004a14f54398be123aaa478

  • SHA512

    5ebb5e4e07a1d88daf6e4ea8aab6d8dab9ae84d39e3a4a1d95a17970027a66405e599c0e36e91811f925a298b67006d9f3b2eeb3a0f61e0940a857640b5647ad

  • SSDEEP

    12288:IRKE6jD/62iNG5nF88DhobDdfqSgtf6orWVEOeRdWqfK94S7n7hNu:IRKtD/61I5ho35qB6orjREN

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol:
    smtp
  • Host:
    mail.udignost.com
  • Port:
    587
  • Username:
    kutait@udignost.com
  • Password:
    4vzQdA14
  • Email To:
    sales@allnesiacoffee.com

Targets

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks