General

  • Target

    c62da7a3eac6bae78ea8a771faa65d17.bin

  • Size

    562KB

  • Sample

    240505-b7t7dsag4w

  • MD5

    20518ab7786a1803d4954e9c745c8503

  • SHA1

    32f71042c189193c696510fad121cb93e856d534

  • SHA256

    29889dbec35701a2ccd33fd06cb719f0bb29ecec28c1d224166f7ab359cdacf8

  • SHA512

    dcbe8951327a27332bd11dfa17439889992bb2adc4a167f2deb3d2603de0eba010c751c0d333b621eacaa9d7853db76f3125a22f3c38cd881c7562ce2ae7510c

  • SSDEEP

    12288:1+jOOi01o3RcTcQeWtlAenY/s0VtLwkPDG37UCs5CMT3CKcFEtl:hRdhxWtlAiYNVtLPPDG3ACYL3C6z

Malware Config

Extracted

  • Family

    snakekeylogger

  • Credentials

  • C2

    https://scratchdreams.tk

Targets

    • Target

      0d5548b7d4696c67dba1d5bb827285ed2d3846fd0ad28140c198ad9c467f1bb0.exe

    • Size

      942KB

    • MD5

      c62da7a3eac6bae78ea8a771faa65d17

    • SHA1

      302984629aa44746a3e8b832c4fcacabcc585aaa

    • SHA256

      0d5548b7d4696c67dba1d5bb827285ed2d3846fd0ad28140c198ad9c467f1bb0

    • SHA512

      8e534c1e0d80757c9b8d02895f67d0ac46c15dd3f5fd418e4482859c8252f64bc0dff4d436da1af81db37d1593a0430d30562e74a1f8e845b030aa4f421c5add

    • SSDEEP

      12288:MSYxUeoUKT5lmvV9fGRaBeUBSMUkA4zcL4pLou:gz45lmdlIaHBokA1L4j

    • Snake Keylogger

      Keylogger and infostealer, first seen in November 2020.

    • Snake Keylogger payload

    • Reads user/profile data of local email clients

      Email clients store account and profile data on disk, and infostealers commonly read those files to harvest saved credentials.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and form data.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      SetThreadContext lets a process redirect execution of a (typically suspended) thread to attacker-controlled code; it is a common step in process hollowing and other injection techniques.
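The report above lists two files (the submitted .bin container and the .exe extracted from it) with MD5, SHA1 and SHA256 digests, plus a C2 URL from the extracted configuration. The following Python is an added example, not code from the report or the sandbox; it transcribes those indicators into a table, hashes a file or byte blob the same way, matches the result against the table, checks the report's own filename-to-digest naming (the .bin is named after the .exe's MD5, the .exe after its own SHA256), and matches observed hostnames or URLs against the C2 host on label boundaries. SHA512 and SSDEEP are left out of the table; SSDEEP comparison needs a third-party library rather than hashlib. The sample bytes in the usage below are constructed, not the real malware.

```python
import hashlib
from urllib.parse import urlsplit

# Indicators transcribed from the report: the submitted container (.bin), the
# payload extracted from it (.exe), and the C2 URL from the Snake Keylogger config.
REPORT_IOCS = {
    "family": "snakekeylogger",
    "c2_urls": ["https://scratchdreams.tk"],
    "samples": {
        "c62da7a3eac6bae78ea8a771faa65d17.bin": {
            "md5": "20518ab7786a1803d4954e9c745c8503",
            "sha1": "32f71042c189193c696510fad121cb93e856d534",
            "sha256": "29889dbec35701a2ccd33fd06cb719f0bb29ecec28c1d224166f7ab359cdacf8",
        },
        "0d5548b7d4696c67dba1d5bb827285ed2d3846fd0ad28140c198ad9c467f1bb0.exe": {
            "md5": "c62da7a3eac6bae78ea8a771faa65d17",
            "sha1": "302984629aa44746a3e8b832c4fcacabcc585aaa",
            "sha256": "0d5548b7d4696c67dba1d5bb827285ed2d3846fd0ad28140c198ad9c467f1bb0",
        },
    },
}

ALGORITHMS = ("md5", "sha1", "sha256")


def hash_bytes(data: bytes) -> dict:
    """Digest an in-memory blob with the algorithms the IOC table uses."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Digest a file on disk in one streaming pass so large samples fit in memory."""
    hashers = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def match_hashes(digests: dict, iocs: dict = REPORT_IOCS) -> list:
    """Names of report samples whose every listed digest equals the computed one."""
    hits = []
    for name, known in iocs["samples"].items():
        if all(digests.get(alg, "").lower() == value for alg, value in known.items()):
            hits.append(name)
    return hits


def filename_hash_links(iocs: dict = REPORT_IOCS) -> dict:
    """Map each sample filename stem to the (sample, algorithm) whose digest equals it.

    Sandbox reports name files after digests: here the .bin carries the MD5 of
    the .exe it contained, and the .exe carries its own SHA256.
    """
    links = {}
    for name in iocs["samples"]:
        stem = name.rsplit(".", 1)[0].lower()
        for other, digests in iocs["samples"].items():
            for alg, value in digests.items():
                if value == stem:
                    links[name] = (other, alg)
    return links


def c2_hosts(iocs: dict = REPORT_IOCS) -> set:
    """Hostnames taken from the extracted C2 URLs."""
    return {urlsplit(url).hostname.lower() for url in iocs["c2_urls"]}


def match_host(host_or_url: str, iocs: dict = REPORT_IOCS) -> bool:
    """True if a hostname or URL is a C2 host or one of its subdomains.

    Matching is done on label boundaries, so 'notscratchdreams.tk' is not a hit.
    """
    host = host_or_url
    if "://" in host_or_url:
        host = urlsplit(host_or_url).hostname or ""
    host = host.lower().rstrip(".")
    return any(host == c2 or host.endswith("." + c2) for c2 in c2_hosts(iocs))


if __name__ == "__main__":
    import sys
    # Usage: python iocs.py <file>...   (hashes each file and reports matches)
    for path in sys.argv[1:]:
        digests = hash_file(path)
        print(path, match_hashes(digests) or "no match", digests["sha256"])
    # Constructed bytes, not the real sample: shows a miss against the table.
    print(match_hashes(hash_bytes(b"constructed, not the real sample")))
```

match_hashes requires every digest listed for a sample to agree, so a file whose MD5 matches but whose SHA256 does not is reported as a miss rather than a partial hit; a partial match of that kind would be a sign of a transcription error in the indicator set, not of a sample match.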

MITRE ATT&CK Enterprise v15

Tasks