General

  • Target

    PG567777878-H677889978-6G89O9I4567778.exe

  • Size

    950KB

  • Sample

    241028-wl1r9svbqe

  • MD5

    051b32061ee6409bea2940fba5a8cea9

  • SHA1

    3ef3be3f05e8f91e0a3c75d59e6c5c2e8506929b

  • SHA256

    a75aa2468bedb7ee3e802fe0c238dcb052c988dc2e378b9453060cff70022519

  • SHA512

    5e6e110f4e86d32674cc91bf98882a170d0b793401b0004674ba0962579f3ea63a2ab8f4601711c6f591fe2037a3a7581403658d6cca8a16ba3e44b02d7a2c7f

  • SSDEEP

    12288:aLkcoxg7v3qnC11ErwIhh0F4qwUgUny5Q4+C3XtZUJbwmOibFc9AFofogsj1opjl:YfmMv6Ckr7Mny5Qp6KJc9AFEoWR

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol:
    smtp
  • Host:
    mail.invesxteu.info
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    dN2lI9vN9y

Targets

    • Target

      PG567777878-H677889978-6G89O9I4567778.exe

    • Size

      950KB

    • MD5

      051b32061ee6409bea2940fba5a8cea9

    • SHA1

      3ef3be3f05e8f91e0a3c75d59e6c5c2e8506929b

    • SHA256

      a75aa2468bedb7ee3e802fe0c238dcb052c988dc2e378b9453060cff70022519

    • SHA512

      5e6e110f4e86d32674cc91bf98882a170d0b793401b0004674ba0962579f3ea63a2ab8f4601711c6f591fe2037a3a7581403658d6cca8a16ba3e44b02d7a2c7f

    • SSDEEP

      12288:aLkcoxg7v3qnC11ErwIhh0F4qwUgUny5Q4+C3XtZUJbwmOibFc9AFofogsj1opjl:YfmMv6Ckr7Mny5Qp6KJc9AFEoWR

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Snakekeylogger family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks