General

  • Target

    01c5e22e0947ce7bee51215874fda131e330d5bf70db9ac34ca5854b35d96783.exe

  • Size

    996KB

  • Sample

    241210-cg8sjavlcr

  • MD5

    9d6d766bbc9e1f2384bc31f297b4dbb9

  • SHA1

    8f6ca29b1bde72b85da4c6bd2933aabb46e67ab3

  • SHA256

    01c5e22e0947ce7bee51215874fda131e330d5bf70db9ac34ca5854b35d96783

  • SHA512

    ec442e988964e237df6d56ea8b3d2dbd73e1bb8a68cb6f09389b679a767ba12bd615ba81f5046c94d3545d16bb89b5e6841d92da2768701a084ddc09052ae7f2

  • SSDEEP

    24576:1u6J33O0c+JY5UZ+XC0kGso6FaXJnBWO98ZmhWY:Xu0c++OCvkGs9FaXJnXgY

Malware Config

Extracted

Family

snakekeylogger

Credentials

Targets

    • Target

      01c5e22e0947ce7bee51215874fda131e330d5bf70db9ac34ca5854b35d96783.exe

    • Size

      996KB

    • MD5

      9d6d766bbc9e1f2384bc31f297b4dbb9

    • SHA1

      8f6ca29b1bde72b85da4c6bd2933aabb46e67ab3

    • SHA256

      01c5e22e0947ce7bee51215874fda131e330d5bf70db9ac34ca5854b35d96783

    • SHA512

      ec442e988964e237df6d56ea8b3d2dbd73e1bb8a68cb6f09389b679a767ba12bd615ba81f5046c94d3545d16bb89b5e6841d92da2768701a084ddc09052ae7f2

    • SSDEEP

      24576:1u6J33O0c+JY5UZ+XC0kGso6FaXJnBWO98ZmhWY:Xu0c++OCvkGs9FaXJnXgY

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Snakekeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks