General

  • Target

    tmp.bin

  • Size

    224KB

  • Sample

    240516-frmvlade38

  • MD5

    8f7d66981fa8d475e952d4804d7d5164

  • SHA1

    8c87eb9cfbe46084ac94a97fa5e1aa4c0832f26c

  • SHA256

    96f12222784c7fc6d77e47a01af2728cf2a75587d17946533eae4496ae3f5f6e

  • SHA512

    574285d99e33a7b7ebff23ae18db719c603807e094de76bd75c5d3dfebde7a9698a2e936803e850e632b4b65462f218fd9105521912538a7f609c9f0bd6f9815

  • SSDEEP

    6144:5DKW1Lgbdl0TBBvjc/4Iz+oI1ofZJFiesmbT:ph1Lk70TnvjctvIejFiesgT

Malware Config

Extracted

Family

snakekeylogger

C2

https://scratchdreams.tk

Targets

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive material.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks