Overview

overview

10

Static

static

3

1179340120...4c.exe

windows7-x64

10

1179340120...4c.exe

windows10-2004-x64

10

hzwixydpga.exe

windows7-x64

3

hzwixydpga.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7ea280179e136a1a753cddc73123975a77ac32ddf48ac9a033513dfe99a9a52e

  • Size

    243KB

  • Sample

    240417-r5cgkacf88

  • MD5

    88969f9a4697e9d6d70174cd0db26cb6

  • SHA1

    c6eb45764761461bd6569eb8537daf4040054bd9

  • SHA256

    7ea280179e136a1a753cddc73123975a77ac32ddf48ac9a033513dfe99a9a52e

  • SHA512

    25ed3d8f4214ce2f71b5893efd0ac5a92ad37a85e57319670320e1e9c1adecd5c2a6b84a0aa33ce16209a4cd5c85b1345226b4cd2ad1eb294fdb4b81ca75c0c0

  • SSDEEP

    6144:fI+KsMUOO1wfojcecJia9fHZJew3VVKBwCGlbdlS:ZO4wfo8iuHZEgVeyTS

Score
10/10
snakekeyloggercollectionkeyloggerspywarestealer

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot6180860165:AAH5meoxRqYOnd7z0M_zkiqQ7pmOf_hbrUY/sendMessage?chat_id=6077046490

Targets

    • Target

      1179340120d15da615c756d150ef5e5416bafe41ccdc0207da63f8877177194c.exe

    • Size

      269KB

    • MD5

      3c707a76b1c6c53e381e5da078ce8997

    • SHA1

      6ac3522f2ca5016163e4628dd34540ac9c265d98

    • SHA256

      1179340120d15da615c756d150ef5e5416bafe41ccdc0207da63f8877177194c

    • SHA512

      61972ebeb909ef6fd0b06c4a3c0dd253214a374da8be8f3992a9bd083e68c2eab1a98db4f28c2d5c4c1017182b738674bdfa64b7e0c6d7b00819b65e00d275bd

    • SSDEEP

      6144:KYa6wCcfGAtjzSSWr+LL97alHLpS9pzEYzUUG3Z:KYGCcOAtjzSbrYwlHLYGU0

    Score
    10/10
    snakekeyloggercollectionkeyloggerspywarestealer

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

      stealerkeyloggersnakekeylogger

    • Snake Keylogger payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      hzwixydpga.exe

    • Size

      58KB

    • MD5

      a125ad645e6565297bab29355475dbad

    • SHA1

      0c1b472760f288c6a31181165f2ceef63ea69fae

    • SHA256

      0c69de10bce3bbdea0a2db0caf5a79b3864d4d4da59bcae89f08e5b468350681

    • SHA512

      e1dbbfcd03c5f531dd03a0b929249c44fb85838de057c8983de7ce243dd4fe5393c50d4ddf22aa15d4817c1fddb53b4764bc85f3bac47962809c7f74a69a55fe

    • SSDEEP

      768:vFX1hE9FCuqS+dUUo6RoQ7tuSbYuIEfM5I+gI+27rN8cxcNKw2WsUfeWacM:NXo92S+dUwRjlj+vn1c

    Score
    3/10
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks