General

  • Target

    list of items.exe

  • Size

    613KB

  • Sample

    240508-jkyv3ace25

  • MD5

    8efc17bf06286d73ab38a42c72707869

  • SHA1

    fa8d5bef0807c0bcd2009989812562a7976bbcaf

  • SHA256

    1f9bb30664b00d710ecedcdd485de690c25e38199c86fc2fe350c7e11c660fd4

  • SHA512

    608edf8de51cb9430ad40848df5e80b4c61dd8d361f94cd07499f1d59c17f7f44c90ad1d2850e5f1d90e9f286769fc16adba25049fb700d73d0f14b926a0f0ec

  • SSDEEP

    12288:UVniETpbNEh7Uh2iW1Xlb6NmUND9vFtXEg6lKGHNWulRyskR:W7bN07Uh2F1ENmUPfmMGtNyb

Malware Config

Extracted

Family

snakekeylogger

Credentials
C2

https://scratchdreams.tk

Targets

    • Target

      list of items.exe

    • Size

      613KB

    • MD5

      8efc17bf06286d73ab38a42c72707869

    • SHA1

      fa8d5bef0807c0bcd2009989812562a7976bbcaf

    • SHA256

      1f9bb30664b00d710ecedcdd485de690c25e38199c86fc2fe350c7e11c660fd4

    • SHA512

      608edf8de51cb9430ad40848df5e80b4c61dd8d361f94cd07499f1d59c17f7f44c90ad1d2850e5f1d90e9f286769fc16adba25049fb700d73d0f14b926a0f0ec

    • SSDEEP

      12288:UVniETpbNEh7Uh2iW1Xlb6NmUND9vFtXEg6lKGHNWulRyskR:W7bN07Uh2F1ENmUPfmMGtNyb

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks