Overview

overview

10

Static

static

3

QUOTATION_...DF.scr

windows7-x64

10

QUOTATION_...DF.scr

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    acdcacda99a817f820fc651d493a3ab1c60b6917f0b7379df764338882ccfca8.z

  • Size

    74KB

  • Sample

    241102-je21ja1akg

  • MD5

    9ab76dd6b4c3bca866a91bbb66392d78

  • SHA1

    c9ca2af352715374ccd2ebb558a22b66b31c74f8

  • SHA256

    acdcacda99a817f820fc651d493a3ab1c60b6917f0b7379df764338882ccfca8

  • SHA512

    055f8043f1aa78b8f007bc750c63cff9b1f746008b0b6818e9c21aa672582e3b187e0128388dccc16b6d230b706aac634d90bf48fae06bb89cfebdd09bebd246

  • SSDEEP

    1536:uUDz0gQfvrqxd/LeOuVDXf/w1cyqfUpIxlo3LAzuWF+BrWt:tufvrsdCbPdfU+xlo7MlQrWt

Score
10/10
snakekeyloggerkeyloggerstealer

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol:     smtp
  • Host:
    gator3220.hostgator.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    G!!HFpD6EwDq*nF

Targets

    • Target

      QUOTATION_NOVQTRA071244PDF.scr

    • Size

      163KB

    • MD5

      96349e5e49271d39ffcf6ec9c50ceb59

    • SHA1

      5b9953512ccbbbf7215d4141c1ded9dbdc0f70dd

    • SHA256

      5c9fc59003603b1af1ef6f29731f0c8531cef2e94103485686837d676b1f474d

    • SHA512

      6bd167d542e50e77f8d057f7ade878c0f9d1a02030090a4515a97c20ca7ecb2fbdf8f19073cde3eeea7cb3344fd2eaa96d9f0a3829bf44f3d8cebf9886f505d4

    • SSDEEP

      3072:1RzX9LAZc4Uk/172UL1gH6m+Gvq4EwOCk:1RzX9Z2daUL1gH6mPi4EwO

    Score
    10/10
    snakekeyloggerkeyloggerstealer

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

      stealerkeyloggersnakekeylogger

    • Snake Keylogger payload

    • Snakekeylogger family

      snakekeylogger

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks