General

  • Target

    New_Order_List.exe

  • Size

    1.0MB

  • Sample

    241210-rfsggssmgq

  • MD5

    4b037cf4462c90c7e77d4f57bed16c21

  • SHA1

    8f7d54b98be9b55f1cbbbad46d0a836446f7783b

  • SHA256

    9b2220576f9358bbe2b6d7b05794eaf490aae7454b40f16c52881a5f4f654725

  • SHA512

    d981c280c356f3d6fd2b631ae85267ba314760319a460a66cf5e19551e57ac73ff55598c009b33fcf429c0051196251ab4191e091a58f9a5408bfc9e736f9fb3

  • SSDEEP

    12288:TbtntFH2tCeTcLV9BQEr9wM/j4Hy2qbtM8CAGbZ+WG9rc2iqFbxxYXDmgOv:TbtntFX9tpqHLqhp5OixYXDmr

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol:
    smtp
  • Host:
    mail.fineseeds.com
  • Port:
    587
  • Username:
    nabil-saad@fineseeds.com
  • Password:
    FineSeeds_NS@2020

Targets

    • Target

      New_Order_List.exe

    • Size

      1.0MB

    • MD5

      4b037cf4462c90c7e77d4f57bed16c21

    • SHA1

      8f7d54b98be9b55f1cbbbad46d0a836446f7783b

    • SHA256

      9b2220576f9358bbe2b6d7b05794eaf490aae7454b40f16c52881a5f4f654725

    • SHA512

      d981c280c356f3d6fd2b631ae85267ba314760319a460a66cf5e19551e57ac73ff55598c009b33fcf429c0051196251ab4191e091a58f9a5408bfc9e736f9fb3

    • SSDEEP

      12288:TbtntFH2tCeTcLV9BQEr9wM/j4Hy2qbtM8CAGbZ+WG9rc2iqFbxxYXDmgOv:TbtntFX9tpqHLqhp5OixYXDmr

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Snakekeylogger family

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
