General

  • Target

    scan_meteak_2024-01-30-14-12-11.pdf.exe

  • Size

    754KB

  • Sample

    240131-m8j9cscehq

  • MD5

    2c188078210967907fc2d5f64997e05e

  • SHA1

    2a1a6fb369376cf74800cc40063a9ca99df4779b

  • SHA256

    479464eb3f4adf0b74ade4aa491fef4eab206c0ddf5489a80d823779b4a4d69b

  • SHA512

    6bbd3e041ffbb5ff5987cec9ea343a05b9f4c29f0111ad1c0124ee3cd61e886dcc8f5e9400b058573d4d488f16f3407b6ff9349dea907c5ecc1b87d9ce449f96

  • SSDEEP

    12288:d/byR39SCF1OFsbuulCzXNMfGHJk4KouTpD+XQAzbZC1FUooRv0QWAuj8X03E:p039ZblCzNMfGHJJOaVvZC2J

Targets

    • Target

      scan_meteak_2024-01-30-14-12-11.pdf.exe

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
