General

  • Target

    IMG_1507_1603.7z

  • Size

    145KB

  • Sample

    240918-l7p8jsvela

  • MD5

    c0107a7343aba58c9304ca6186168e7d

  • SHA1

    6b755159cc3900e4a9302ab50b2c8124a888e566

  • SHA256

    ffb23cc112eda5d6390a899f3185b7e2cd11c31b2c34bb8e6c3509382d3e64cf

  • SHA512

    e185558a5495b28da579d40dd58762521f70aa12484c96e798ae0b80ee0c2d4a5c0cbc5ee9a63e39e6c215a66a2222cf8295a8ad5fe06566816e3ad5da042e35

  • SSDEEP

    3072:xPVCiVlJNTqwXM/kYwowFmNoUaUsn1hNgcyc9GUMqWSkVC0a:yeLNTskYwozfEg+GUxiC0a

Malware Config

Extracted

  • Family

    snakekeylogger

  • Credentials

Targets

    • Target

      IMG_1507_1603.7z

    • Size

      145KB

    • MD5

      c0107a7343aba58c9304ca6186168e7d

    • SHA1

      6b755159cc3900e4a9302ab50b2c8124a888e566

    • SHA256

      ffb23cc112eda5d6390a899f3185b7e2cd11c31b2c34bb8e6c3509382d3e64cf

    • SHA512

      e185558a5495b28da579d40dd58762521f70aa12484c96e798ae0b80ee0c2d4a5c0cbc5ee9a63e39e6c215a66a2222cf8295a8ad5fe06566816e3ad5da042e35

    • SSDEEP

      3072:xPVCiVlJNTqwXM/kYwowFmNoUaUsn1hNgcyc9GUMqWSkVC0a:yeLNTskYwozfEg+GUxiC0a

    • Score

      3/10

    • Target

      IMG_1507_1603.exe

    • Size

      476KB

    • MD5

      2a8a0d373755a556111968002bb0ae18

    • SHA1

      f2a651bbc2f162b00c36d6c742afeee573873304

    • SHA256

      1635f4e2f8b923df075800c4654771d8253a3081a7a19788d033b479482e4361

    • SHA512

      f243f2381368c1c296b2f9b0a757c5040bc2fdbfefcc339b45f4a85fb3d7e2da27b3b626825261c1788753e29ca50338a1b97742d2354932c3430a4dfcde1fc8

    • SSDEEP

      6144:hc596EGotRMO7a89EibwB4Cw88YTK7XjHbHI5Cj604zhMhr1:hc596EGmKO7a89Ez4C9DGDb4CB

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks