General

  • Target

    7a66c663f71aff27ef5671579fd986b30c9527e23da7cbcfe7cdad8bf8baf739

  • Size

    1.0MB

  • Sample

    240127-qza6wafbdr

  • MD5

    5b4a8765f884a095e35b8691bbc0c8ad

  • SHA1

    97dd8cd828b59ca8730583b4518010c238ae9017

  • SHA256

    7a66c663f71aff27ef5671579fd986b30c9527e23da7cbcfe7cdad8bf8baf739

  • SHA512

    bf76508e33124dece0ad0347e55887e08f3ebe4d4f7460239ef5ab5611056f17fb0d66cd661a04cef5d2e03b7b8348cd6b706af33408e97b7cdefaec217efef0

  • SSDEEP

    24576:FCJuVVkdVCOuvnyAZHjReBycHEZ4Ci14:E0kdBuqS74e

Targets

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

Tasks