General

  • Target

    7969c647ed1c0c449a512c88ccaa22b9

  • Size

    834KB

  • Sample

    240127-gbslksfhcq

  • MD5

    7969c647ed1c0c449a512c88ccaa22b9

  • SHA1

    e84c5574e52045ceb7fb4f70380ae6b44d7bc189

  • SHA256

    90d00d97833d65bb0bea7fa86afb3d311a66069c80acaf18ca32055ad6b307f7

  • SHA512

    6aea4568068ca0ee38ba39148f6d1eb7d18ab2ac72ed7371078a7bf99affe458761633ea76ead1aa534fa63ea68a747cbdbfdc2805e14d70884d5b11aa533637

  • SSDEEP

    24576:xgwFJMNj6iRk6N3/2MN7SosjQsUTeFVd:xgwFehS6NeMFSoss1Te/

Malware Config

Extracted

Family

snakekeylogger

Credentials

Targets

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
