General

  • Target

    e56cf4b46e72a9d3e5cc05406eccdf51617734e2a462257773c16aab9c3bdcf8.exe

  • Size

    955KB

  • Sample

    241010-cwnqxavfkd

  • MD5

    f140da3340627af6e62f28eba1926d1d

  • SHA1

    f89f5abc62e92446d8196de2dea892bf82e48054

  • SHA256

    e56cf4b46e72a9d3e5cc05406eccdf51617734e2a462257773c16aab9c3bdcf8

  • SHA512

    e75e6449c9ac74cf589a8e2d8ee458c93118c459122772d614f18d42c8d2295342ec8717c3a403a255a57fb7079745354c282fbdd3a23e2c5870e668a21ed3a9

  • SSDEEP

    24576:uRmJkcoQricOIQxiZY1iaC34Qm+ixp1J/t8aBraFvC:7JZoQrbTFZY1iaC3d6z72F6
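The first thing to do with a report like this is confirm that the file in hand is the one analysed: the sandbox renames samples to their SHA-256, and the MD5/SHA-1/SHA-256/SHA-512 listed above are the identity of the 955KB binary. The Python below is an added example, not part of the report or the sandbox's tooling; it hashes a file (streamed, so a large sample does not have to fit in memory), compares every digest against the report's values, and checks that the filename stem agrees with the SHA-256. SSDEEP is not in `hashlib`, so the fuzzy hash is deliberately left out; the `b"abc"` input used in the usage call is a constructed stand-in for the real sample.

```python
import hashlib

# Digests copied from the report above; the sample itself is not needed to run this.
REPORT_HASHES = {
    "md5": "f140da3340627af6e62f28eba1926d1d",
    "sha1": "f89f5abc62e92446d8196de2dea892bf82e48054",
    "sha256": "e56cf4b46e72a9d3e5cc05406eccdf51617734e2a462257773c16aab9c3bdcf8",
    "sha512": "e75e6449c9ac74cf589a8e2d8ee458c93118c459122772d614f18d42c8d2295342ec8717c3a403a255a57fb7079745354c282fbdd3a23e2c5870e668a21ed3a9",
}


def compute_hashes(data: bytes) -> dict:
    """Return hex digests of an in-memory blob for every algorithm the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through all four hashers at once (one read pass, bounded memory)."""
    hashers = {alg: hashlib.new(alg) for alg in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def verify_sample(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """Compare computed digests against the report; per-algorithm verdicts plus an 'all' key.

    A partial match (e.g. MD5 agrees, SHA-256 does not) is itself worth noticing:
    it means someone handed you a hash from a different file.
    """
    got = compute_hashes(data)
    verdict = {alg: got[alg] == expected[alg].lower() for alg in expected}
    verdict["all"] = all(verdict.values())
    return verdict


def filename_matches_sha256(filename: str, sha256: str = REPORT_HASHES["sha256"]) -> bool:
    """Sandbox-renamed samples carry their SHA-256 as the stem; check filename and hash agree."""
    stem = filename.rsplit(".", 1)[0].lower()
    return stem == sha256.lower()


if __name__ == "__main__":
    # Constructed input: not the real sample, so every digest is expected to mismatch.
    print(verify_sample(b"abc"))
    print(filename_matches_sha256(
        "e56cf4b46e72a9d3e5cc05406eccdf51617734e2a462257773c16aab9c3bdcf8.exe"))
```

To check a real file, call `verify_sample(open(path, "rb").read())` for small samples or compare `hash_file(path)` against `REPORT_HASHES` for large ones; match on SHA-256 at minimum, since MD5 and SHA-1 collisions are practical.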

Malware Config

Extracted

Family

snakekeylogger

Credentials

Targets

    • Target

      e56cf4b46e72a9d3e5cc05406eccdf51617734e2a462257773c16aab9c3bdcf8.exe

    • Size

      955KB

    • MD5

      f140da3340627af6e62f28eba1926d1d

    • SHA1

      f89f5abc62e92446d8196de2dea892bf82e48054

    • SHA256

      e56cf4b46e72a9d3e5cc05406eccdf51617734e2a462257773c16aab9c3bdcf8

    • SHA512

      e75e6449c9ac74cf589a8e2d8ee458c93118c459122772d614f18d42c8d2295342ec8717c3a403a255a57fb7079745354c282fbdd3a23e2c5870e668a21ed3a9

    • SSDEEP

      24576:uRmJkcoQricOIQxiZY1iaC34Qm+ixp1J/t8aBraFvC:7JZoQrbTFZY1iaC3d6z72F6

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Accesses Microsoft Outlook profiles

      Reads Outlook profile data from the user's registry hive, where mail account settings and the DPAPI-protected passwords for POP/IMAP/SMTP accounts are kept; an infostealer reads these to harvest e-mail credentials. Outlook itself reads the same keys, so the process doing the reading is what matters.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP, typically to tag the stolen data with the victim's public address. The service itself is benign and widely used, so a detection should key on the requesting process image, not on the destination alone.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the register state of a (usually suspended) thread. Combined with a child process created with CREATE_SUSPENDED and WriteProcessMemory, it is the final step of process hollowing: the child's entry point is redirected into injected code before the thread resumes. Debuggers call it legitimately on their own debuggee, so it is an injection indicator when a non-debugger calls it on another process.
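The two host-visible behaviours above (the external IP lookup and the Outlook profile read) can be turned into a process-centric detection. The Python below is an added example, not code from the report or from any vendor tooling; it scores constructed telemetry events (a simplified schema of my own, not Sysmon's: a `dns` record with the queried name and a `regread` record with the key read) per process image and flags images that show both behaviours. The list of IP-lookup hostnames and the Outlook account-settings key layout (`...\Outlook\Profiles\<profile>\9375CFF0413111d3B88A00104B2A6676\<n>`) are assumptions drawn from general experience, not from this report. `SetThreadContext` is not covered because it is an API-level call that ordinary DNS and registry telemetry does not record.

```python
import re
from collections import defaultdict

# Assumption: public IP-lookup services commonly queried by infostealers (not from the report).
IP_LOOKUP_HOSTS = {
    "checkip.dyndns.org", "api.ipify.org", "ipinfo.io", "icanhazip.com",
    "ifconfig.me", "ip-api.com", "checkip.amazonaws.com",
}

# Assumption: Outlook keeps per-profile account settings under this HKCU subtree.
OUTLOOK_PROFILE_RE = re.compile(
    r"\\Software\\Microsoft\\Office\\\d+\.\d+\\Outlook\\Profiles\\", re.IGNORECASE)

# Processes that are expected to read Outlook profiles; reads by anything else are suspicious.
OFFICE_IMAGES = {"outlook.exe"}

SAMPLE_IMAGE = (r"C:\Users\user\AppData\Local\Temp"
                r"\e56cf4b46e72a9d3e5cc05406eccdf51617734e2a462257773c16aab9c3bdcf8.exe")
OUTLOOK_IMAGE = r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE"
BROWSER_IMAGE = r"C:\Program Files\Mozilla Firefox\firefox.exe"
PROFILE_KEY = (r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"
               r"\9375CFF0413111d3B88A00104B2A6676\00000002")

# Constructed telemetry, not captured from the sample: one malicious process, one
# legitimate Outlook read of its own profile, one browser visiting an IP-lookup site.
EVENTS = [
    {"type": "dns", "image": SAMPLE_IMAGE, "query": "checkip.dyndns.org"},
    {"type": "regread", "image": SAMPLE_IMAGE, "key": PROFILE_KEY},
    {"type": "regread", "image": OUTLOOK_IMAGE, "key": PROFILE_KEY},
    {"type": "dns", "image": BROWSER_IMAGE, "query": "ipinfo.io"},
    {"type": "dns", "image": SAMPLE_IMAGE, "query": "smtp.example.com"},
]


def classify_events(events):
    """Group indicator names by process image.

    Returns {image: sorted list of indicators}. Images with no indicator are absent.
    """
    findings = defaultdict(set)
    for ev in events:
        image = ev["image"]
        basename = image.rsplit("\\", 1)[-1].lower()
        if ev["type"] == "dns" and ev["query"].lower() in IP_LOOKUP_HOSTS:
            findings[image].add("external_ip_lookup")
        elif (ev["type"] == "regread"
              and OUTLOOK_PROFILE_RE.search(ev["key"])
              and basename not in OFFICE_IMAGES):
            findings[image].add("outlook_profile_access")
    return {img: sorted(ind) for img, ind in findings.items()}


def flag_candidates(events, min_indicators=2):
    """Images showing at least min_indicators distinct behaviours, sorted for stable output.

    A single IP lookup is too common to alert on by itself (browsers do it); requiring
    the Outlook read as well is what separates the stealer from background noise.
    """
    return sorted(img for img, ind in classify_events(events).items()
                  if len(ind) >= min_indicators)


if __name__ == "__main__":
    for img, ind in classify_events(EVENTS).items():
        print(f"{img}: {', '.join(ind)}")
    print("flagged:", flag_candidates(EVENTS))
```

Lowering `min_indicators` to 1 surfaces the browser's IP lookup as well, which shows why the threshold matters: the destination is legitimate, and only the combination with credential-store access makes the process worth an alert.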

MITRE ATT&CK Enterprise v15

Tasks