General

  • Target

    ed54ab7270f7562ce7953847239b8c4467361c3105a9688942d05bc55a217234

  • Size

    1.1MB

  • Sample

    241121-wp8x2synfq

  • MD5

    50bb47bb771b4140a514b309b643711e

  • SHA1

    60ecc3ff6bad5b263313d8c35b91c461b3632d0d

  • SHA256

    ed54ab7270f7562ce7953847239b8c4467361c3105a9688942d05bc55a217234

  • SHA512

    1a7746b7a6854d372a9ed448ab7746ec8a2ce1009d17a50a1e47a5ce6f983d64308834fc94bf30ceed87303b7507084c690ef12fcb3cfd3484008005ac4a1d51

  • SSDEEP

    24576:PgbVReM+Fcmpgk+V41PAEXVz5L/905ipqa6LTlxIL:e/mUO4ErLl08pqu

Malware Config

Extracted

Family

snakekeylogger

Credentials

Targets

    • Target

      ed54ab7270f7562ce7953847239b8c4467361c3105a9688942d05bc55a217234

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Snakekeylogger family

    • Suspicious use of NtCreateUserProcessOtherParentProcess

      Creates a process whose recorded parent is not the caller (the PROC_THREAD_ATTRIBUTE_PARENT_PROCESS technique), which breaks the parent/child chain that analysts and EDR rules rely on.

    • Drops startup file

      Writes a file into a Startup folder so it is launched at every user logon (persistence).

    • Accesses Microsoft Outlook profiles

      Reads the Outlook profile registry keys, where stored mail account settings and credentials live; typical of infostealers.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      Rewrites the context of a thread in another process, the step that redirects a suspended process to injected code in process hollowing.
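The signatures above are behavioural and map directly onto host telemetry a SOC already collects (file creation, registry access, outbound HTTP). The script below is an added example, not part of the sandbox report, that encodes three of them as rules and runs them over constructed endpoint events; the event records, PIDs and paths are made up for the example, and the set of IP lookup hosts is an assumption, since the report says only that "a legitimate IP lookup service" was used. The rules are generalised beyond this sample: the Startup rule matches both the per-user and the all-users Startup folders, and the Outlook rule matches both the modern Office profile key and the legacy Windows Messaging Subsystem key.

```python
import re
from collections import defaultdict

# Constructed endpoint telemetry (not from the report): one dict per event.
SAMPLE_EVENTS = [
    {"type": "file_create", "pid": 4120,
     "path": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svc.exe"},
    {"type": "http_request", "pid": 4120, "host": "checkip.dyndns.org", "uri": "/"},
    {"type": "reg_query", "pid": 4120,
     "key": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676"},
    {"type": "http_request", "pid": 880, "host": "update.example.com", "uri": "/feed"},
    {"type": "file_create", "pid": 880, "path": r"C:\Users\alice\Documents\notes.txt"},
    {"type": "reg_query", "pid": 2210,
     "key": r"HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook"},
]

# Assumed list of common external-IP services; extend from your own proxy logs.
IP_LOOKUP_HOSTS = {
    "checkip.dyndns.org", "api.ipify.org", "icanhazip.com",
    "ifconfig.me", "ip-api.com", "checkip.amazonaws.com",
}

# Per-user and all-users Startup folders share this path suffix.
STARTUP_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\[^\\]+$", re.IGNORECASE)

# Office 2013+ profiles live under Office\<ver>\Outlook\Profiles; Outlook 2010
# and earlier used the Windows Messaging Subsystem key.
OUTLOOK_PROFILE_RE = re.compile(
    r"\\Microsoft\\(?:Office\\\d+\.\d+\\Outlook|Windows NT\\CurrentVersion\\Windows Messaging Subsystem)\\Profiles",
    re.IGNORECASE,
)

SIG_STARTUP = "Drops startup file"
SIG_IPLOOKUP = "Looks up external IP address via web service"
SIG_OUTLOOK = "Accesses Microsoft Outlook profiles"


def match_event(event: dict) -> list[str]:
    """Return the signature names a single event triggers (possibly none)."""
    hits = []
    if event["type"] == "file_create" and STARTUP_RE.search(event["path"]):
        hits.append(SIG_STARTUP)
    if event["type"] == "http_request" and event["host"].lower() in IP_LOOKUP_HOSTS:
        hits.append(SIG_IPLOOKUP)
    if event["type"] == "reg_query" and OUTLOOK_PROFILE_RE.search(event["key"]):
        hits.append(SIG_OUTLOOK)
    return hits


def scan(events: list[dict]) -> dict[int, set[str]]:
    """Group triggered signatures by PID; PIDs with no hits are omitted."""
    by_pid: dict[int, set[str]] = defaultdict(set)
    for event in events:
        for sig in match_event(event):
            by_pid[event["pid"]].add(sig)
    return dict(by_pid)


def suspicious_pids(events: list[dict], min_signatures: int = 2) -> list[int]:
    """PIDs that trip at least min_signatures distinct rules.

    Any single rule fires on benign software now and then (a legitimate
    installer drops a Startup entry; a speed-test page looks up your IP);
    the combination within one process is what makes it worth a look.
    """
    return sorted(pid for pid, sigs in scan(events).items() if len(sigs) >= min_signatures)


if __name__ == "__main__":
    for pid, sigs in sorted(scan(SAMPLE_EVENTS).items()):
        print(pid, sorted(sigs))
    print("escalate:", suspicious_pids(SAMPLE_EVENTS))
```

The threshold in suspicious_pids is the tuning knob: in the constructed data PID 4120 trips all three rules and is escalated, PID 2210 trips only the Outlook rule and is reported but not escalated, and PID 880 trips nothing.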

MITRE ATT&CK Enterprise v15
