General

  • Target

    d38eacbc4a074db5cf3f105d7ddf4eef26bcae08c64a7443ceba304f53081016.z

  • Size

    31KB

  • Sample

    241108-egg1xsvern

  • MD5

    9d6e7bef025348b887099250714fa880

  • SHA1

    1f5adeb3d5f9958d8faedf4233bd9b4c4f305d83

  • SHA256

    d38eacbc4a074db5cf3f105d7ddf4eef26bcae08c64a7443ceba304f53081016

  • SHA512

    12a90e1a52bbb963eb6856ab517109c2981879d15ef166440b54155fd0c7908784d41add5794a1e835c7b0d4f9b452c282aff935971e7c8c80e26888adf5644c

  • SSDEEP

    768:OGoDaTkpDq2CpaHqLA7p6YyGmMzh9PYiiyvYkKNr3HJ+9:OeTSDhCpaKA7DyGmc/neker3J+9

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol:
    smtp
  • Host:
    gator3220.hostgator.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    G!!HFpD@N*]*nF

Targets

    • Target

      QUOTATION_NOVQTRA071244PDF.scr

    • Size

      73KB

    • MD5

      3518e621e9ac0f5c9de6e3c3921c1365

    • SHA1

      78582a73cc154ff3415225f57d9ca615c02b80a1

    • SHA256

      7d79f16250f4c090d466be4ee8d4df679b489313ef5cb01e3528b71f64b9d3e8

    • SHA512

      e1eb1a1def9805a2eee3c1cdd20a040c351643115c0642be8ef3b767f4c0952ddac312382730841eda4e72bd4691d03d9c7567e1032d30abd7448ccfb677b7de

    • SSDEEP

      768:MhpjDqQflLNiasAnRYizE7fYd54DPzdpK5wzJUbtE9m+g4/lZX/f8a0MKG06EgRy:aNzialHII4fd7qb+g4/lZ+MKG06EYre

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Snakekeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
