General

  • Target

    Shipping Documents_Pdf.exe

  • Size

    1.3MB

  • Sample

    240918-qh7thssenb

  • MD5

    dea5082a3541fe4de74d82fa1aa68485

  • SHA1

    af13f6421876b3fcd15bfa579bf2d4f461e315f3

  • SHA256

    9af3fd91cfda8538cecd24a9221ee88cb8fec6f44b5d407703ff913cd1302d1c

  • SHA512

    f962782dccab7f70980f1dd92e02b28d3724054692c0537b5944360be34c1251a99538cdd7461e303920d2c05c8c0eab9b5c9f8b1839686b8815a7f39e462c0c

  • SSDEEP

    24576:uqDEvCTbMWu7rQYlBQcBiT6rprG8aY1VhJG7qWA3K2lQev8KlsM:uTvC/MTQYxsWR7aqVW7qW4lnrl

Malware Config

Extracted

Family

snakekeylogger

Credentials

Targets

    • Target

      Shipping Documents_Pdf.exe

    • Size

      1.3MB

    • MD5

      dea5082a3541fe4de74d82fa1aa68485

    • SHA1

      af13f6421876b3fcd15bfa579bf2d4f461e315f3

    • SHA256

      9af3fd91cfda8538cecd24a9221ee88cb8fec6f44b5d407703ff913cd1302d1c

    • SHA512

      f962782dccab7f70980f1dd92e02b28d3724054692c0537b5944360be34c1251a99538cdd7461e303920d2c05c8c0eab9b5c9f8b1839686b8815a7f39e462c0c

    • SSDEEP

      24576:uqDEvCTbMWu7rQYlBQcBiT6rprG8aY1VhJG7qWA3K2lQev8KlsM:uTvC/MTQYxsWR7aqVW7qW4lnrl

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks