General

  • Target

    03102024_0529_02102024_Estimate_Quote.7z

  • Size

    602KB

  • Sample

    241003-f6pmqsxamq

  • MD5

    31509bf26ba8ecc85f11da8e91fafcb3

  • SHA1

    c45b08b74a9fef26a108ed2305befb0f24df14ca

  • SHA256

    2eb0eb10118bb0579680297c1fb54d8fb3edb6d53e93dc7a0166198509383a06

  • SHA512

    d5e20cd549ae6c1bd46021e8870de0232a9d97ddc95d687da581780a2390f64c1fc09d08502440b8289625b4224e523a180613a1bb9618906eecef9411cf382a

  • SSDEEP

    12288:oUPVfPEAk0bBilcw/H9ZdlO6/0KWkgCoj+gHfKq2jj8zKvu:rXk0FilX1K0gHfKq2Tvu

Malware Config

Extracted

Family

snakekeylogger

Credentials

Targets

    • Target

      Estimate_Quote.exe

    • Size

      952KB

    • MD5

      8db80713ca849f28122978c35a9ade6b

    • SHA1

      9bc8cbb2a1ca3b567a508b0a8e4c4034c156ca9a

    • SHA256

      8d7080d308ba79efbaeb115d95592afc33187264e22cbadc277cbc82d286f49a

    • SHA512

      30ba121588acfcb7f75168cbc4c4217c44aa0b5ecbf1d775e023bbe07396fbfb2a16c53b34f72efae9c25ce0e6d4a1fb2c5bcf2b013f86beabe6598f6df4e78d

    • SSDEEP

      12288:rLkcoxg7v3qnC11ErwIhh0F4qwUgUny5QLZsmbMy9pZn2fCyYBWphL7BbpG:ffmMv6Ckr7Mny5QLZYQpoqrBWphnZs

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks