Overview

overview

10

Static

static

3

CTM USD28600.exe

windows7-x64

10

CTM USD28600.exe

windows10-2004-x64

10

Resubmissions

11/06/2024, 12:53

240611-p437saxekg 10

11/06/2024, 12:27

240611-pmrgnaxcpk 10

Sharing

Copy URL Twitter E-mail

General

  • Target

    CTM USD28600.exe

  • Size

    331KB

  • Sample

    240611-pmrgnaxcpk

  • MD5

    d5fc299eb2708903f3132b09af1ebdbb

  • SHA1

    003efab8f439255094d2b8c63e096682509afb4f

  • SHA256

    613308a9ef0289f190c7f9ba6dac4209a93fcbda05d893716a6b40e6167102fd

  • SHA512

    e8577a48ffee301f2eebc13e2b784d65791dc477d1ff2f0fb761cc0a8d999eef024e8c37b74d070de49fb4538b32227e594e446c19ed4dde85e2f1af29326f20

  • SSDEEP

    6144:ju9K5wR27SQn21/bFSj85xl/B2XiYVDc6q40YBgjMRbtvs:ju9K5d7SA2jS0xviiYSfwM

Score
10/10
snakekeyloggercollectionkeyloggerspywarestealer

Malware Config

Extracted

Family

snakekeylogger

Credentials
C2

http://103.130.147.85

Targets

    • Target

      CTM USD28600.exe

    • Size

      331KB

    • MD5

      d5fc299eb2708903f3132b09af1ebdbb

    • SHA1

      003efab8f439255094d2b8c63e096682509afb4f

    • SHA256

      613308a9ef0289f190c7f9ba6dac4209a93fcbda05d893716a6b40e6167102fd

    • SHA512

      e8577a48ffee301f2eebc13e2b784d65791dc477d1ff2f0fb761cc0a8d999eef024e8c37b74d070de49fb4538b32227e594e446c19ed4dde85e2f1af29326f20

    • SSDEEP

      6144:ju9K5wR27SQn21/bFSj85xl/B2XiYVDc6q40YBgjMRbtvs:ju9K5d7SA2jS0xviiYSfwM

    Score
    10/10
    snakekeyloggercollectionkeyloggerspywarestealer

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

      stealerkeyloggersnakekeylogger

    • Snake Keylogger payload

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks