General

  • Target

    Remittance Slip.z

  • Size

    1.6MB

  • Sample

    241206-stk51azlhr

  • MD5

    9ff0630cfd14aaad684d8eee6213ea07

  • SHA1

    1afda34fac4c6d90cab4019d437bf706c328c019

  • SHA256

    9c0bfc21e1585b4f78e79830bffc4aa324349f51012fbb762fe8d6f94f82fbc7

  • SHA512

    cedd8976404c0d5663644085b1d9077b702118b57ec2c88d44a714526c836573abad3dc7887827d556ce13defac3fe8b67a69486a3db60438b2e72a5f570d18f

  • SSDEEP

    24576:p8NYmtPOLpNqPVJCUcw+ScPbqKVlM7WZGS9c6sMqi4abBsrZmHOSF1qI:qN9OCOUebPblVlTzt4bmFzx

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol:
    smtp
  • Host:
    gator3220.hostgator.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    empS#w!TZyEMPX(#ExgT38s

Targets

    • Target

      QUOTATION_DECQTRA071244PDF.scr

    • Size

      2.9MB

    • MD5

      f0db130e6b63a94f3d3b33e43cbfbf55

    • SHA1

      198ff2e9a846f3e39d970dc20711fb758406b5cb

    • SHA256

      8f11652e58d9d7ae390cbb476120892e87dcfc4b15a24e8ead9a8f3120fdaaeb

    • SHA512

      f8fe4bf340960a7f3adc44d0d789d36430d56d71d36f68d34a792f8a44fd2f28e9c87b3bbd8551d5200c62f9ed204d3357008aecb4e8dd556d787b749fb3d3de

    • SSDEEP

      49152:dm4TovB6xQlMtR0mG6bGvO2kHlVqWP6tisEbX+aJMcTy:dIJfA5b6to+uTy

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Snakekeylogger family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix

Tasks