General

  • Target

    7998165d0db2acc29c72e4ea081a1f2a

  • Size

    868KB

  • Sample

    240127-hy68xsfeb9

  • MD5

    7998165d0db2acc29c72e4ea081a1f2a

  • SHA1

    7dd82119edaf9da3f35b56c63f17bb6225ef3e1b

  • SHA256

    d8efa6cf84ac542a7bbeebf0e3962a676be0ddfd2bee442576607928c1b8b0fd

  • SHA512

    b0b381f44fae8d5f6b0e3db9a16dcc33f66beb8c436cda09d127da806cccf0f0f176873c125b8f02d4215d73d8307edcbdb031fc066b7f36b26647a317a0cb60

  • SSDEEP

    12288:CXcsGI/cl1qIU8gFPOJxxPFAsjHf11YxmbgkFemZcbyyhW5qF12EObbf:C8QIZx9j/11HgDmyb85qP

Malware Config

Extracted

Family

snakekeylogger

Credentials

Targets

    • Target

      7998165d0db2acc29c72e4ea081a1f2a

    • Snake Keylogger

      Keylogger and infostealer first seen in November 2020. A .NET-based stealer that records keystrokes and clipboard contents, harvests saved browser and mail-client credentials, and exfiltrates them over SMTP, FTP or Telegram.

    • Snake Keylogger payload

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites a thread's register state. Calling it on a suspended thread of another process is the usual way injected code is handed control (process hollowing), which is why the sandbox flags the call.
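The external-IP lookup flagged above is a cheap hunting lead on a corporate network, where workstations rarely ask a public IP-echo service for their address. The following is an added detection example, not part of the sandbox report or the Snake Keylogger family: it scans tab-separated DNS log lines for queries to a list of IP lookup services and groups the hits by source host. The service list is an assumption (checkip.dyndns.org is the one most often reported for this family; the others are common alternatives), and the log excerpt is constructed.

```python
"""Flag hosts that query public external-IP lookup services.

Added detection example (not part of the sandbox report). Stealers such as
Snake Keylogger ask a legitimate web service for the victim's public IP before
exfiltrating; on a managed network those queries are rare enough to hunt on.
"""
from collections import defaultdict

# Assumed list of public IP-echo services abused by stealers. checkip.dyndns.org
# is the one most often reported for Snake Keylogger; the rest are alternatives.
IP_LOOKUP_DOMAINS = {
    "checkip.dyndns.org",
    "checkip.amazonaws.com",
    "api.ipify.org",
    "icanhazip.com",
    "ifconfig.me",
    "ipinfo.io",
    "ip-api.com",
}

# Constructed Zeek-style dns.log excerpt: timestamp, source IP, query name.
SAMPLE_DNS_LOG = """\
1706354400.123\t10.1.2.50\tupdates.example.com
1706354401.456\t10.1.2.77\tcheckip.dyndns.org
1706354402.789\t10.1.2.50\twww.ipinfo.io
1706354403.000\t10.1.2.99\tmail.example.com
1706354404.500\t10.1.2.77\tAPI.IPIFY.ORG
"""


def match_lookup_service(qname):
    """Return the matched service for a query name, or None.

    Case-insensitive, tolerates a trailing dot, and matches subdomains
    (www.ipinfo.io -> ipinfo.io) but not look-alikes (notipinfo.io).
    """
    q = qname.rstrip(".").lower()
    for dom in IP_LOOKUP_DOMAINS:
        if q == dom or q.endswith("." + dom):
            return dom
    return None


def find_ip_lookups(log_text):
    """Parse tab-separated DNS log lines; return {src_ip: [matched_service, ...]}.

    Blank and comment lines are skipped, as are lines with fewer than three
    fields, so a partial or truncated log does not abort the scan.
    """
    hits = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split("\t")
        if len(parts) < 3:
            continue
        src, qname = parts[1], parts[2]
        svc = match_lookup_service(qname)
        if svc:
            hits[src].append(svc)
    return dict(hits)


if __name__ == "__main__":
    for src, services in find_ip_lookups(SAMPLE_DNS_LOG).items():
        print(f"{src}: queried {', '.join(services)}")
```

A host that hits more than one of these services in quick succession, or hits one shortly after an unsigned .NET binary starts, is worth pivoting on; on its own a single query is a lead, not a verdict, since update agents and VPN clients occasionally perform the same lookup.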
