General

  • Target

    79f9a890dca13753cad0b7458a60d0d7

  • Size

    390KB

  • Sample

    240127-mbebvabghj

  • MD5

    79f9a890dca13753cad0b7458a60d0d7

  • SHA1

    aedbf3a3c146008571b33ba08f062f4bdd7dd4bd

  • SHA256

    10409aac92a9511e3dd34d21ada816b3e22c01c188e9cad9128215ebfd6b21fa

  • SHA512

    b536a5e68adb41225698eabe0eac9ced62fa1a4ebed2739ad0dc4b8d36b6e9cf8c99f4b60882a66c36ec3f8564fad1a62b2f73e93f8b1424f422141a10aace55

  • SSDEEP

    6144:W0C9DLZmKBcgqh3SB+4m9LRDipYeQ93SxN0z16uDutGJwUchrJdc196K:W0GtmKO0+RLIalSQ1gUc/6f6K

Malware Config

Extracted

  • Family

    snakekeylogger

  • Credentials

Targets

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks