General

  • Target

    3.lha

  • Size

    78KB

  • Sample

    241115-pg9q2stja1

  • MD5

    6fe593ea3bb000f802b29e55e8447f6a

  • SHA1

    7eb338c48609b2e3c6e279ad9c4b66844907ec20

  • SHA256

    6b1d37510f2465cd2931c4814b85f21115dda4c6694667c734142e03235917ae

  • SHA512

    ed53355349429c95f2516a660057080197e6bd819000eb84ad22d0580ca519964d0a9740806b749401cec7ec74c408d97681b502bc5b8dd220dc515033b95a67

  • SSDEEP

    1536:5BlmbvbLA21Tsoc/TMWpDxcDo0su0usvopF4oqt2n0bjuEavWhshP2G:vlmDIQooc7xpDyo0sVo5xnmuEWP2G

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol:
    smtp
  • Host:
    gator3220.hostgator.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    G!!HFpD@N*]*nF

Targets

    • Target

      QUOTATION_NOVQTRA071244PDF.scr

    • Size

      183KB

    • MD5

      49a58ccea100ad0611a27e996e74fd3e

    • SHA1

      ed323734aea95ea4c69a453689e55cc7f4fc9b8f

    • SHA256

      b660914772e3ab830a6d024d2d5d09fb0568240578bdc218516bc91de57e88a2

    • SHA512

      e06b0760f82ea8e63908fcfdde8811d4de6d964338d86cfe4d73913cd39a124033ce1a17b81938afe4a218a3fbdfc050d240c60e34a706d120125710303bb1b3

    • SSDEEP

      3072:Z7kNPz56LkCzxqOL2wMCFIwg/mth9rPkA2AhEV:ZYhzgLkgMOCwMwg/mth9rPkB5

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Snakekeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks