General

  • Target

    79582170fa0cdea3fc28e2f890ac3b7b

  • Size

    774KB

  • Sample

    240127-fq99hadgf8

  • MD5

    79582170fa0cdea3fc28e2f890ac3b7b

  • SHA1

    42156bb5240da70995654ff1930c438148599a56

  • SHA256

    5dd3bc52cec42aa629a080ad0e406ea6e8075955ba38e38520eaca23393b729f

  • SHA512

    97564acb420fde08206492ea7e7d126e51f23404082d0c397d226fca2ef5b0f728bb7717cffd19644f812977a3acfad3cccc8887bfe64029a4edb3932e004396

  • SSDEEP

    12288:DoDc9F3nC0Py3gAhZygIe570se15p7NKqGi93MkV0P3IldIJ6Vr/C+4I:DAygIeRReL5NKqdpTa4I4Vr

Malware Config

Extracted

Family

snakekeylogger

Targets

    • Target

      79582170fa0cdea3fc28e2f890ac3b7b

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
