General

  • Target: Scan_20240129_174047.exe
  • Size: 600KB
  • Sample: 240129-ldmkkaeff6
  • MD5: 4168d882eef97a3b96233f5d585a76aa
  • SHA1: 9bd9bab17f9da27dbb8431a2cdb34f73f0eff6ac
  • SHA256: 9760f95030f8a3303ea6f028a872f133707ed0d8417768d9db410cd8adaab4cd
  • SHA512: 2a94b1d3bc59305bbbcf22da1b07ad6b3691fc4b2abd93507d04dd1a4fd18ae3cf2bf1681e7e2c42fcde563c1f89d2a05f5401cac071c54c6c9f617d74c8ff13
  • SSDEEP: 12288:da1ZNIoIFFHgeg/cmLF0b72ulvEWxjxvxXa+WS8yUH6hbKOGkqAE:SNIXFxmB0b72KVjxvx7WOUHIKb7A

Malware Config

Targets

    • Target: Scan_20240129_174047.exe


    • Snake Keylogger: keylogger and infostealer first seen in November 2020.
    • Snake Keylogger payload
    • Reads user/profile data of local email clients: email clients store some user data on disk, and infostealers often target it.
    • Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials.
    • Accesses Microsoft Outlook profiles
    • Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks