General

  • Target

    12aa927df35423dbe91b5292984eece2.bin

  • Size

    688KB

  • Sample

    240517-bgm1dsae23

  • MD5

    d22642c9f1f087743ced05ea03388fa7

  • SHA1

    f73bff5a2f9c5cf5c9aab504eb73b0b95ce5ba3e

  • SHA256

    023d74e02c47b1d2b4fa86523f155be9c817ca9098bdcf093b4c04cfc64724fb

  • SHA512

    d2aa92b7ee062aab3eae56b7f339879642f7a7379406108333aafe547cc73e64c5297cb3c99f5d2ac1759677d91ef204ea44f3f63def32f39f7b385726f417fc

  • SSDEEP

    12288:FXwF8UqG4ay6O/OwLu+c/D712wYHQwd+ZSvugX3QCwaI3SpMhJ5gUI34hq5GRU:FYqpl6O/gYPwwdTvuM3QC9Wh/NIohq5l

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol:
    smtp
  • Host:
    mail.gbogboro.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Egoamaka@123
C2

https://scratchdreams.tk

Targets

    • Target

      ORDEN DE COMPRA URGENTE pdf.exe

    • Size

      1.1MB

    • MD5

      56c2e79168a27d15ada4499a0c3feec9

    • SHA1

      7797ea5dc3cd1191d5ebb051f62f79849b6835ce

    • SHA256

      0a6f0b8ace6e7a43bc35e80cee2d7769c4ef3a994b4d38cd4bf7978dfc97c7e8

    • SHA512

      426625985be91c443716a9f68ffdc6667cc5129e2ee4ef554472ab43f8c9a3c037dbc8d9591d99827b0f7fc27c22fb9e793c4a3a947158ca2866df52b166e0f6

    • SSDEEP

      12288:agdVYTTZEcmgH5KqlyGNb5AdER2wOBgNAXrO50Zx0k3eOGIRl6QJn0WpoJpx5oCH:agdVYhHQqcE2BbX/QCc2VUprodc

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks