General

  • Target

    7dca5662fe7621ffd890ac202dd50e9d22b8f2ca186490ad62d8813cc0727cdb

  • Size

    1.1MB

  • Sample

    240128-x1q22shhdl

  • MD5

    dedf47709ccc73cc599b1be48d34b70f

  • SHA1

    6dd596495fc521e9d690f0e3d2c79c08e4a439c2

  • SHA256

    7dca5662fe7621ffd890ac202dd50e9d22b8f2ca186490ad62d8813cc0727cdb

  • SHA512

    b817dfda7b0073c7f81fc2a57a2f7aab097ec9da87376fb7735035a817a3b0167b1303afe18cce06770bd18ed0ef5ef1c8bff53720f8da2af09c247c119bcb1b

  • SSDEEP

    12288:kdvgY7jTcq4dDa8Zxu+Qor+gjJS4vkadheZYZMIyVz3sdvVFMr8GA:kdvgQtcDa8HZr4auZYZSKdvV/GA

Targets

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
