General

  • Target

    a498c70735258e7cb2204d02d81d5d2f31c266da60231dc50857c4267b4f48c1.exe

  • Size

    610KB

  • Sample

    241024-c6sgva1bnc

  • MD5

    2144b1c24a7ff469c8f2b9a7a97343ac

  • SHA1

    3616325db9ac7ad66793a38e3fa29d86faa0d3ca

  • SHA256

    a498c70735258e7cb2204d02d81d5d2f31c266da60231dc50857c4267b4f48c1

  • SHA512

    bc7cf9a22b854ccada8638e8fe26bf01c633d03be2caa927867df9940f075d0aed147349a6db1d93e833cb96e83561d91349bcded509df0d38a97b60765dcae1

  • SSDEEP

    12288:SuqGY9wn8lISIgt6M177MgRudvlE9neaw:5M7l9tSdva5

Malware Config

Targets

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks
