General

  • Target

    1806d15fd4ad27772df69d88f34a72a0

  • Size

    1001KB

  • Sample

    231224-224rrahhbr

  • MD5

    1806d15fd4ad27772df69d88f34a72a0

  • SHA1

    ba82b8081281bbf470c9f7eeba4dcec7b29032a1

  • SHA256

    49bf307264bfd9daffaaa91e8b45db7e191f63458570acfd32548f123d33a3b4

  • SHA512

    b87bc9e9a2816d651b1a2865fd5861a9061a031fc507dcbb82c2871c7af05be4b12434b6afeb548fbe0fd516138415600bfb2fe1b23fe67972a5925ab435ac1e

  • SSDEEP

    24576:2Zs/xzN9a5RY/d3luK64JdlpKlXy/G8AdBYsB:2Zs/ta5RXK64Jwmgv

Malware Config

Targets

    • Target

      1806d15fd4ad27772df69d88f34a72a0

    • Size

      1001KB

    • MD5

      1806d15fd4ad27772df69d88f34a72a0

    • SHA1

      ba82b8081281bbf470c9f7eeba4dcec7b29032a1

    • SHA256

      49bf307264bfd9daffaaa91e8b45db7e191f63458570acfd32548f123d33a3b4

    • SHA512

      b87bc9e9a2816d651b1a2865fd5861a9061a031fc507dcbb82c2871c7af05be4b12434b6afeb548fbe0fd516138415600bfb2fe1b23fe67972a5925ab435ac1e

    • SSDEEP

      24576:2Zs/xzN9a5RY/d3luK64JdlpKlXy/G8AdBYsB:2Zs/ta5RXK64Jwmgv

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • CustAttr .NET packer

      Detects CustAttr .NET packer in memory.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites a thread's saved register state, including its instruction pointer. Outside of debuggers it is most often seen when a payload is staged into a suspended process and execution is redirected into it (the process-hollowing pattern); the report does not name the target process.
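
The hash values listed above are the report's only concrete indicators. As an added example (this is not code from the sandbox report or from any referenced project), the following Python computes the same four digests for a file or byte string and compares them against the listed values. It flags the case where only some algorithms agree, which indicates a mis-transcribed IOC list or, for MD5/SHA1, a collision. The SSDEEP line is not checked because fuzzy hashing needs the external ssdeep library; the input bytes used in the test are constructed, not the sample.

```python
import hashlib

# Digests as listed in the report above (hex, for the 1001KB sample).
REPORT_HASHES = {
    "md5": "1806d15fd4ad27772df69d88f34a72a0",
    "sha1": "ba82b8081281bbf470c9f7eeba4dcec7b29032a1",
    "sha256": "49bf307264bfd9daffaaa91e8b45db7e191f63458570acfd32548f123d33a3b4",
    "sha512": "b87bc9e9a2816d651b1a2865fd5861a9061a031fc507dcbb82c2871c7af05be4b12434b6afeb548fbe0fd516138415600bfb2fe1b23fe67972a5925ab435ac1e",
}


def _new_hashers() -> dict:
    # One hasher per algorithm the report lists, so a file is read only once.
    return {name: hashlib.new(name) for name in REPORT_HASHES}


def digest_bytes(data: bytes) -> dict:
    """Compute every report algorithm over an in-memory byte string."""
    hashers = _new_hashers()
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Streaming variant for on-disk samples; never loads the whole file."""
    hashers = _new_hashers()
    with open(path, "rb") as f:
        while chunk := f.read(chunk_size):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_to_iocs(digests: dict, iocs: dict = REPORT_HASHES) -> dict:
    """Compare computed digests with an IOC set.

    Verdicts:
      match        every algorithm present in both dicts agrees
      no_match     none agree
      inconsistent some agree and some do not (bad transcription or collision)
      unknown      no algorithm in common, nothing can be said
    Hex comparison is case-insensitive, since tooling differs in case.
    """
    per_algorithm = {
        name: digests[name].lower() == value.lower()
        for name, value in iocs.items()
        if name in digests
    }
    if not per_algorithm:
        verdict = "unknown"
    elif all(per_algorithm.values()):
        verdict = "match"
    elif any(per_algorithm.values()):
        verdict = "inconsistent"
    else:
        verdict = "no_match"
    return {"verdict": verdict, "per_algorithm": per_algorithm}


if __name__ == "__main__":
    import sys
    # Usage: python check_iocs.py <path-to-file>
    result = compare_to_iocs(digest_file(sys.argv[1]))
    print(result["verdict"], result["per_algorithm"])
```

An "inconsistent" verdict is worth acting on rather than silently treating as a hit: if the MD5 agrees but the SHA256 does not, either the IOC feed copied a digest from a different record or someone has produced an MD5-colliding file, and the strong hash is the one to trust.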

MITRE ATT&CK Matrix

Tasks