General

  • Target

    85ec8c55fb054ccfd577e19e5c51ac24

  • Size

    749KB

  • Sample

    240201-e24enadbdn

  • MD5

    85ec8c55fb054ccfd577e19e5c51ac24

  • SHA1

    445d6096cda86e2c0e8adef881aeca15414224e2

  • SHA256

    b63936bdf1e15df57a5086b9de890e35d5e6a118c7680fd1fd2227a56b57365d

  • SHA512

    7a4544c6bbc94a476675a5493de43aa30587ce4eede49f6bf7c9e073aede4bf197494dd70f4231159a2cbf6d5db62cf06648d6df00e4eaa246f65c22dfe20908

  • SSDEEP

    12288:HI04AEzi1D00FGA77PyRM9GM1mnYVlr52jG6YtnnxUMBmfbJPN4lxoOksuV:FTvF/FGA77fAMcnDS4Aks

Malware Config

Extracted

  • Family

    snakekeylogger

  • Credentials

Targets

    • Snake Keylogger

      Keylogger and infostealer, first seen in November 2020.

    • Snake Keylogger payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks