General

  • Target

    0e8152b702c6bf11f73fa030382ee6f076fe839b48c3c490140cde948c8b2e1e

  • Size

    129KB

  • Sample

    240712-fjqlhs1hna

  • MD5

    185f33b6202bb779a46234e02ce8199b

  • SHA1

    a67291dd0cc7fd70d78eb395b0277be770f79518

  • SHA256

    0e8152b702c6bf11f73fa030382ee6f076fe839b48c3c490140cde948c8b2e1e

  • SHA512

    90153d402f8970ee31d606ae4b3667d81a156463e615ac22408f1ea6a4e753ad16992a27f6626d9cc6c095e3fbcd5e3134c1dcc9bf033614dd590be71a35a268

  • SSDEEP

    3072:eqd9klJFhj3NolU9jceaDS+bLpsrzwvxLVpaDbY:tklJHj3QaN+b/pgb

Malware Config

Extracted

Family

snakekeylogger

Credentials

C2

http://103.130.147.85

Targets

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15