General

  • Target

    27ffcd71286d5f2f958df742165ff8995288de83072b65d6415d1ed8db0a3aba.exe

  • Size

    163KB

  • Sample

    241102-dylj1awrfw

  • MD5

    7437a3e4149fcbeae7a68758b2834986

  • SHA1

    a799bf651a1c4c0d9ec705b6e1d9ae5903fb1546

  • SHA256

    27ffcd71286d5f2f958df742165ff8995288de83072b65d6415d1ed8db0a3aba

  • SHA512

    7576dba8a912ac7ca61165285008a13eb8f69544de4e6f663e578ef14250f58296a78831d8a1f70752ac8d042d71b0dc2cd59217ccb2efa14df3a92dc1b1da46

  • SSDEEP

    1536:GpuePk4jSYamBPGoy9lKPwMYtryr3B+oc5PpLciER4xD7HlrDh6zJT/+GXWprEB3:VTY690ppQKUD0zJTmkWpAay4kzwOCO

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol:
    smtp
  • Host:
    gator3220.hostgator.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    P!^%ce*gxf$QyA

Targets

    • Target

      27ffcd71286d5f2f958df742165ff8995288de83072b65d6415d1ed8db0a3aba.exe

    • Size

      163KB

    • MD5

      7437a3e4149fcbeae7a68758b2834986

    • SHA1

      a799bf651a1c4c0d9ec705b6e1d9ae5903fb1546

    • SHA256

      27ffcd71286d5f2f958df742165ff8995288de83072b65d6415d1ed8db0a3aba

    • SHA512

      7576dba8a912ac7ca61165285008a13eb8f69544de4e6f663e578ef14250f58296a78831d8a1f70752ac8d042d71b0dc2cd59217ccb2efa14df3a92dc1b1da46

    • SSDEEP

      1536:GpuePk4jSYamBPGoy9lKPwMYtryr3B+oc5PpLciER4xD7HlrDh6zJT/+GXWprEB3:VTY690ppQKUD0zJTmkWpAay4kzwOCO

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Snakekeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks