Overview

overview

10

Static

static

3

38e9d0435a...21.exe

windows7-x64

10

38e9d0435a...21.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    38e9d0435a80a7c280bb656e83dafab48ab88c447e17f5ad2da89959707e2021.exe

  • Size

    540KB

  • Sample

    240925-byn9saxbjm

  • MD5

    1d080c71b03634f984c19f08b200f0bf

  • SHA1

    34abebce3daeea9dc5ee8ca3dd2bd70676b98a08

  • SHA256

    38e9d0435a80a7c280bb656e83dafab48ab88c447e17f5ad2da89959707e2021

  • SHA512

    83de1aab06806753b808f225b8efc865d31394aa70025b3130b440de6c18bcc592eea604e6d4f10a78503b5d78d9e164a87f05780b405e405df3cc80ee62549f

  • SSDEEP

    6144:h6ejH9QgV2uH8HCbSbRLjAguKxmpJUMWVUPyVfxqK8cQCZphtyylXC35zQTv9VEW:h6u9QgVtHeHRiqMW6yVJqcQ8+WTZ

Score
10/10
snakekeyloggercollectiondiscoverykeyloggerspywarestealer

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol:     smtp
  • Host:
    mail.emmioglu.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Kaya2758+
C2

https://api.telegram.org/bot7824402550:AAF0zLhO0leZXvzGs8C_m31pnXq-KGoVm_I/sendMessage?chat_id=6651428318

Targets

    • Target

      38e9d0435a80a7c280bb656e83dafab48ab88c447e17f5ad2da89959707e2021.exe

    • Size

      540KB

    • MD5

      1d080c71b03634f984c19f08b200f0bf

    • SHA1

      34abebce3daeea9dc5ee8ca3dd2bd70676b98a08

    • SHA256

      38e9d0435a80a7c280bb656e83dafab48ab88c447e17f5ad2da89959707e2021

    • SHA512

      83de1aab06806753b808f225b8efc865d31394aa70025b3130b440de6c18bcc592eea604e6d4f10a78503b5d78d9e164a87f05780b405e405df3cc80ee62549f

    • SSDEEP

      6144:h6ejH9QgV2uH8HCbSbRLjAguKxmpJUMWVUPyVfxqK8cQCZphtyylXC35zQTv9VEW:h6u9QgVtHeHRiqMW6yVJqcQ8+WTZ

    Score
    10/10
    snakekeyloggercollectiondiscoverykeyloggerspywarestealer

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

      stealerkeyloggersnakekeylogger

    • Snake Keylogger payload

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks