General

  • Target

    791bf140d59ac26a86b23e336138704a

  • Size

    1.1MB

  • Sample

    240127-dkf3csdcfl

  • MD5

    791bf140d59ac26a86b23e336138704a

  • SHA1

    4f9c99c56cfc0029595cb26d497ec119c2b8182f

  • SHA256

    c416427d81d71207545b34d24c898ae9a4ffbfd86c165cb6674ac0920656c5d9

  • SHA512

    4068deecab88dbd853a761773e8828af2963595391496b182ee9a9cc952668b51df81388af47d1129cdb646a78e274979c303fbac66861eb6811aa3322c315c8

  • SSDEEP

    24576:nYNkCm/yOsBgo0q4wM/8riWH9ILoRVxjUpjgN+M:nZToHM/UiWHWOUo

Malware Config (extracted)

  • Family

    snakekeylogger

  • Credentials

Targets

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • CustAttr .NET packer

      Detects CustAttr .NET packer in memory.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
