General

  • Target

    SecuriteInfo.com.Win32.InjectorX-gen.14522.28058

  • Size

    1.1MB

  • Sample

    240126-x6a8saebeq

  • MD5

    d6e331d512fee7896030dab1043aec7d

  • SHA1

    89d2ba0bffc483dd65367aee8b175e93f6ab6212

  • SHA256

    8b301421ea1c55e9b8c3c63e68f942716d9d7fa4d0b3555b73034612115239ba

  • SHA512

    02f35b792020f088132f30b385babac82e0c48c2f1e2d53681557cd67cc7d9e147a19856738495847433e81f0b9099c7a82682a50ee35f2376608d4c06902e4f

  • SSDEEP

    24576:EEsGRdrEAbm4zusGRdrEAbm4zbL3AfemsGRdrEAbm4zpy:jbdYAm4zubdYAm4z/3AXbdYAm4z0

Malware Config

Extracted

Family

snakekeylogger

Credentials

Targets

    • Target

      SecuriteInfo.com.Win32.InjectorX-gen.14522.28058

    • Size

      1.1MB

    • MD5

      d6e331d512fee7896030dab1043aec7d

    • SHA1

      89d2ba0bffc483dd65367aee8b175e93f6ab6212

    • SHA256

      8b301421ea1c55e9b8c3c63e68f942716d9d7fa4d0b3555b73034612115239ba

    • SHA512

      02f35b792020f088132f30b385babac82e0c48c2f1e2d53681557cd67cc7d9e147a19856738495847433e81f0b9099c7a82682a50ee35f2376608d4c06902e4f

    • SSDEEP

      24576:EEsGRdrEAbm4zusGRdrEAbm4zbL3AfemsGRdrEAbm4zpy:jbdYAm4zubdYAm4z/3AXbdYAm4z0

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks