General

  • Target

    e1f978caa52bea250231b81984e7e093a870c648267a1929a6b0f7c15471719f.zip

  • Size

    688KB

  • Sample

    240515-t5trysab39

  • MD5

    77e2c5eb5d30384a28a9753a65429207

  • SHA1

    008040f2028ca916740b094f1fe48d9407275c01

  • SHA256

    0c6f1bcf43a35693e41ebf7ec6c9094b1452837dba3cd2c411ff54f1996dfc4b

  • SHA512

    2785e49d9c3c7b252d40008a50ec579c2d565b4ed69a860afa33e14cd1abc089240fed0fe651c6b872539f7b9b4a0339fb831aa0282798cb94a56a9e0b0766c8

  • SSDEEP

    12288:SWX+3u/kZGtdZaWLGbKAOiD+bRHZq+KSnk3+kOLv49im7QTkeiJW+D0nvIZvm3GO:NO3u/kstdZVLGOAADq6kOkOE9imN29Q2

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol:
    smtp
  • Host:
    mail.gbogboro.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Egoamaka@123
C2

https://scratchdreams.tk

Targets

    • Target

      e1f978caa52bea250231b81984e7e093a870c648267a1929a6b0f7c15471719f.zip

    • Size

      688KB

    • MD5

      77e2c5eb5d30384a28a9753a65429207

    • SHA1

      008040f2028ca916740b094f1fe48d9407275c01

    • SHA256

      0c6f1bcf43a35693e41ebf7ec6c9094b1452837dba3cd2c411ff54f1996dfc4b

    • SHA512

      2785e49d9c3c7b252d40008a50ec579c2d565b4ed69a860afa33e14cd1abc089240fed0fe651c6b872539f7b9b4a0339fb831aa0282798cb94a56a9e0b0766c8

    • SSDEEP

      12288:SWX+3u/kZGtdZaWLGbKAOiD+bRHZq+KSnk3+kOLv49im7QTkeiJW+D0nvIZvm3GO:NO3u/kstdZVLGOAADq6kOkOE9imN29Q2

    Score
    1/10
    • Target

      e1f978caa52bea250231b81984e7e093a870c648267a1929a6b0f7c15471719f.zip

    • Size

      688KB

    • MD5

      12aa927df35423dbe91b5292984eece2

    • SHA1

      3b24ba04f86ba0c775b03be74a5065c792656e93

    • SHA256

      e1f978caa52bea250231b81984e7e093a870c648267a1929a6b0f7c15471719f

    • SHA512

      2a2eede8f39adfae3c5ee60357b262575463d9be09b40b2b63a1d526102850c34efe24397f2705769aa2b894cd2dbde3dd13c35223d7b165e2ef5e2570f70098

    • SSDEEP

      12288:9x6I7b+YmuED5xWW8vpsfgRALroJMpxsk9eyGIjX68J5KWxonptdWeKtD:iYdmNDtfFLXgcqK5EpnWRx

    Score
    1/10
    • Target

      ORDEN DE COMPRA URGENTE pdf.exe

    • Size

      1.1MB

    • MD5

      56c2e79168a27d15ada4499a0c3feec9

    • SHA1

      7797ea5dc3cd1191d5ebb051f62f79849b6835ce

    • SHA256

      0a6f0b8ace6e7a43bc35e80cee2d7769c4ef3a994b4d38cd4bf7978dfc97c7e8

    • SHA512

      426625985be91c443716a9f68ffdc6667cc5129e2ee4ef554472ab43f8c9a3c037dbc8d9591d99827b0f7fc27c22fb9e793c4a3a947158ca2866df52b166e0f6

    • SSDEEP

      12288:agdVYTTZEcmgH5KqlyGNb5AdER2wOBgNAXrO50Zx0k3eOGIRl6QJn0WpoJpx5oCH:agdVYhHQqcE2BbX/QCc2VUprodc

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks