General

  • Target

    QUOTATION_NOVQTRA071244·PDF.scr.exe

  • Size

    404KB

  • Sample

    241121-pb6gfasfmm

  • MD5

    c62fb9bd9189ed019db81d5cec1ee11b

  • SHA1

    1eda85cc204de90b33edddb1d8dfdf59a3dae847

  • SHA256

    9c891264b004f469657e84658ba1d82d2365d9a76cfe7e18cefb2a8e0ccdb1a3

  • SHA512

    99d1691a5c87237bc6faafe3ffd2f6a7e45c65805d5f527db62d4c3da0e4255c9924a1b47ecde11aff00f8dfbbf89de43f81ce650dbce114cf38bf437455be83

  • SSDEEP

    1536:/v12J7YRB+RdtZTQj+AcC0VFQVQsjY30+NNU3PDQ7qPpqOLy0uyL+f1:129seA1Y3h6EYuyA

Malware Config

Extracted

Family

snakekeylogger

Credentials

Targets

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Snakekeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
