General

  • Target

    c5f06b67bffb81502ab97255dccad223c62461f932162dca10e6361c07a97f98.exe

  • Size

    1.0MB

  • Sample

    241002-bzxbsa1arm

  • MD5

    704b1f2b6c81c8818755fe4d5fd4536b

  • SHA1

    0f517a0459ef86c9193bfde48cfa7c5eb163d2d1

  • SHA256

    c5f06b67bffb81502ab97255dccad223c62461f932162dca10e6361c07a97f98

  • SHA512

    8c2815a2a9ba4d1780ce895164544c2f7beaee5e561cee31fab01b7c7d1a9f7a31aab38776f995f4fe4b538a03379adbb7185f79ccc1869f0172e2f4a25c55e3

  • SSDEEP

    12288:HLkcoxg7v3qnC11ErwIhh0F4qwUgUny5QPpGJE/azOtf2xaXmlp4ahrMJATZnvZS:rfmMv6Ckr7Mny5QPi2tUJLkIhoUAB

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol:
    smtp
  • Host:
    mail.invesxteu.info
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    dN2lI9vN9y

Targets

    • Target

      c5f06b67bffb81502ab97255dccad223c62461f932162dca10e6361c07a97f98.exe

    • Size

      1.0MB

    • MD5

      704b1f2b6c81c8818755fe4d5fd4536b

    • SHA1

      0f517a0459ef86c9193bfde48cfa7c5eb163d2d1

    • SHA256

      c5f06b67bffb81502ab97255dccad223c62461f932162dca10e6361c07a97f98

    • SHA512

      8c2815a2a9ba4d1780ce895164544c2f7beaee5e561cee31fab01b7c7d1a9f7a31aab38776f995f4fe4b538a03379adbb7185f79ccc1869f0172e2f4a25c55e3

    • SSDEEP

      12288:HLkcoxg7v3qnC11ErwIhh0F4qwUgUny5QPpGJE/azOtf2xaXmlp4ahrMJATZnvZS:rfmMv6Ckr7Mny5QPi2tUJLkIhoUAB

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks