General

  • Target

    7a325eb5362fde69fa4f53a6186515b9

  • Size

    868KB

  • Sample

    240127-n8q8cabgc6

  • MD5

    7a325eb5362fde69fa4f53a6186515b9

  • SHA1

    ba098e5df96e94497dd61d5614abd39ffff009d2

  • SHA256

    bf72fb3cccef8f9988501591ae9d15e547ef80191c3e5b8043ca223268b32502

  • SHA512

    20ce59451c020a188aa6a7b4f0d82290fd31c18cd3a022611fe73c1e47c3ffafb8c6debc62555cd0797b584bfd99b193728bda8cb91d6d9eb53c72ef40802927

  • SSDEEP

    12288:qdcsGI/c250xQ8CZznsV0xwGsWSwyAHihv8X3jKAXMiqsdO+/2EObbR:q3KzCZ7KPGQAS8X3jRXM/dO

Malware Config

Extracted

Family

snakekeylogger

Credentials

Targets

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP address.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks