General

  • Target

    865ece5b40731a1318f488d9011360e3

  • Size

    650KB

  • Sample

    240201-j13tyshbel

  • MD5

    865ece5b40731a1318f488d9011360e3

  • SHA1

    784f9b865ddec298a8b390f78eec2829db9588ee

  • SHA256

    41b54ea5a4e4b02d96e09be1bbb655b6c6755c7f5f22fab9e8331e7ce911c010

  • SHA512

    0988576c80188cfecd55e6214c999311905583770e921bdf4a8d9615e9bda51bd21f3aa03857393dc5e29b64b150cec63cb127f2c5e98f963917810a6dc25bb5

  • SSDEEP

    6144:IZ+XF7UXdbVNsn3iXqBPRcsH+er3mXoITWxF1JwfBry5nQe+A/:IkXqdbns3iXqPcshrmXZWxJS1y5UA

Malware Config

Extracted

  • Family

    snakekeylogger

  • Credentials

Targets

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks