General

  • Target

    856b4977ac0dec9244588c324e26ece8

  • Size

    1.2MB

  • Sample

    240201-aglxnafbc8

  • MD5

    856b4977ac0dec9244588c324e26ece8

  • SHA1

    95b5fd142f85ab1fb9a4be22600215be9e73925b

  • SHA256

    6f962b44d223e0f4a78f32cd66d2d10e35756354f6c2074060045b105413767a

  • SHA512

    cddd527ad72efb0b5dfd99f61ba5b6a2abe4f8583785910c271b1a577f8305e8eab392328eb0dd0b6a0abe974140da091150a67b31f8e23263d048d711626673

  • SSDEEP

    24576:p2BU76DOSfx8Dgyfx8DgrCwllRzGfuTK7m/JtCNwDZ8SL:2U76j58Dgy58DgJlfGfuTL/JtCCZl

Targets

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
