General

  • Target

    c3cddff3ce93f42d93f3134e6c55eec6f0e75f25256ed91b5d8a6e90cecaf8cc.exe

  • Size

    1.1MB

  • Sample

    240712-xcrnnsxfnh

  • MD5

    c55b7e8ee23f98be5f425a283c72af18

  • SHA1

    6786ff899c9dd277becbea4ea3dd9b4ea2ac58f2

  • SHA256

    c3cddff3ce93f42d93f3134e6c55eec6f0e75f25256ed91b5d8a6e90cecaf8cc

  • SHA512

    34a1131b8f8e7901bdf8602293e74f06460fa4ed6ccaa228928920dfb00b14832ef82bd77c46f066636e0d51457f11e3a965d5f2fd4f1277aca658f125f6cdfc

  • SSDEEP

    24576:aAHnh+eWsN3skA4RV1Hom2KXMmHaBDMrMhi+/5:th+ZkldoPK8YaBQrZe

Malware Config

Extracted

Family

snakekeylogger

C2

https://scratchdreams.tk

Targets

    • Target

      c3cddff3ce93f42d93f3134e6c55eec6f0e75f25256ed91b5d8a6e90cecaf8cc.exe

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks