General

  • Target

    FATEYU07655700003.exe

  • Size

    1.1MB

  • Sample

    240410-mqwjnsfg5x

  • MD5

    9258acec51d72838b25d0a48767a6c95

  • SHA1

    3dce5acc74ae4db1c3cdc516f4d680c631b27b65

  • SHA256

    9408b2474a4faee9afbab11fa258873175b9d9400d9c582104fb6400505c5475

  • SHA512

    7b31a5b974cf9c86fbd62b06ebdb5461a85687554a625ea7332c654c188b9e6c0a51a5a1f88af579c96e6ef9be3326c2732afef762f66e7ae45c100ed0e3a279

  • SSDEEP

    24576:/AHnh+eWsN3skA4RV1Hom2KXMmHaA4H4444Cs0K4WgMcCNK4U25:ih+ZkldoPK8YaA4H4444Csgx7CNz

Malware Config

Extracted

Family

snakekeylogger

C2

https://scratchdreams.tk

Targets

    • Target

      FATEYU07655700003.exe

    • Size

      1.1MB

    • MD5

      9258acec51d72838b25d0a48767a6c95

    • SHA1

      3dce5acc74ae4db1c3cdc516f4d680c631b27b65

    • SHA256

      9408b2474a4faee9afbab11fa258873175b9d9400d9c582104fb6400505c5475

    • SHA512

      7b31a5b974cf9c86fbd62b06ebdb5461a85687554a625ea7332c654c188b9e6c0a51a5a1f88af579c96e6ef9be3326c2732afef762f66e7ae45c100ed0e3a279

    • SSDEEP

      24576:/AHnh+eWsN3skA4RV1Hom2KXMmHaA4H4444Cs0K4WgMcCNK4U25:ih+ZkldoPK8YaA4H4444Csgx7CNz

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks