General

  • Target

    f8e9ed2df6f78492688b594be05172e2fc762ddcd05979ea9a2fd015751578c8

  • Size

    152KB

  • Sample

    241112-kvd43sxres

  • MD5

    bceeeaed492e3bd2f71b15db3ef2536f

  • SHA1

    ebc1a46040de5d522c9e55ce73c506e82a90812e

  • SHA256

    f8e9ed2df6f78492688b594be05172e2fc762ddcd05979ea9a2fd015751578c8

  • SHA512

    9fcae77d636c3d3d6608cadeedcd182996a5a4b9f57e21b02e8fb9d16fa39766059628171021043fff5ef958abe29f763d8f6bb004c62ab30d6146f16e631679

  • SSDEEP

    3072:t+XlnyGeKXVgLNIvZImA5b5OsL0wvxdagbY:WnyTkZa5bpjb

Malware Config

Extracted

Family

snakekeylogger

Credentials

Targets

    • Target

      f8e9ed2df6f78492688b594be05172e2fc762ddcd05979ea9a2fd015751578c8

    • Size

      152KB

    • MD5

      bceeeaed492e3bd2f71b15db3ef2536f

    • SHA1

      ebc1a46040de5d522c9e55ce73c506e82a90812e

    • SHA256

      f8e9ed2df6f78492688b594be05172e2fc762ddcd05979ea9a2fd015751578c8

    • SHA512

      9fcae77d636c3d3d6608cadeedcd182996a5a4b9f57e21b02e8fb9d16fa39766059628171021043fff5ef958abe29f763d8f6bb004c62ab30d6146f16e631679

    • SSDEEP

      3072:t+XlnyGeKXVgLNIvZImA5b5OsL0wvxdagbY:WnyTkZa5bpjb

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Snakekeylogger family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks