General

  • Target

    799c3c52ef032c42c3bb3eb8cad03e95

  • Size

    877KB

  • Sample

    240127-h4renahben

  • MD5

    799c3c52ef032c42c3bb3eb8cad03e95

  • SHA1

    ef0327d7575930cc0813da0e61f35ed2d8b2fb54

  • SHA256

    5cea575dd643a9dce9903eeeecc35685ce60348a1a1c65d6626783976ca14be5

  • SHA512

    ef9e25b9321b7af0064f516698eecf9af32fff35f770cf582cee4d7e0bf2913c38fa3580ac945f0e62e47aa1e21cb355988929dfc8de841c6be1e01de2aa8193

  • SSDEEP

    12288:CrYODc9F3nC0Py3gAhjEJbjJEKn8jL8CZ9GCfFnhAa9BLLeh/QasrtCjF+Vi:/+jL8CFnhACBLih/1srtWgi

Malware Config

Extracted

Family

snakekeylogger

Credentials

Targets

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks