General

  • Target

    06052024_2339_03052024_ORDEN DE COMPRA URGENTE PARA MAYO pdf.zip

  • Size

    536KB

  • Sample

    240506-3nlvfsgf3x

  • MD5

    ce87e4068020e1732b508e4a5bd7942f

  • SHA1

    e60596efe40eb9f4577930992d23526534e2e55c

  • SHA256

    249caf4e0963bbb21a73dc675e22bb74df29fe1977924fcf9f58914abfe65af4

  • SHA512

    05866fb585db16a6d4bbc0801bb9c2d0aa1d8a27b73fd5a6620927924f6b634eeccbe208135bc631f020f76694c8520fcc3c63919eb43cea4ede14d80fb5b316

  • SSDEEP

    12288:4dz/Pj8ZsAtgEBhvsbHbGs8jgPT+amQgN4OBOQMDU:41DEB5qH98s3mQspBPOU

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol:
    smtp
  • Host:
    mail.gbogboro.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Lovelove@123

C2

https://scratchdreams.tk

Targets

    • Target

      ORDEN DE COMPRA URGENTE PARA MAYO pdf.exe

    • Size

      767KB

    • MD5

      9313eedbd90253a6f16e99df90fa213a

    • SHA1

      18635721859d55733200a416aaeebf367c7c0cb6

    • SHA256

      63340cc1fd3650cdc776c9e516989c10a1d3c21df9ab26137cff55b4e68fa7a2

    • SHA512

      b1233731e81684078df129a49148a7ce8c91531143eea52a5d035cf35b78c0714f6584c3a14b2c26390c4e6b0277df5345a71583eada51a95aea64b992e65503

    • SSDEEP

      12288:xHR2w77F3SEftBs9T3sscDgnnk0kE6d4kpsQMZU:xHz0EfTcT7cMtkE0vppyU

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, which infostealers often target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15