Resubmissions

14-12-2024 15:43

241214-s6a6kawqhv 10

14-12-2024 15:39

241214-s3nmgsylal 10

General

  • Target

    pago 4094.r09

  • Size

    479KB

  • Sample

    241214-s6a6kawqhv

  • MD5

    a448bda0002ecd968b6ae9526617c974

  • SHA1

    cf13df73eff74b9ceb6d837c1d7cc9d01fe918db

  • SHA256

    ad24b345eac9876a65fb6b0d2eda0da669c3b23aaa969db9ce913f8a63c0a5f1

  • SHA512

    2f819a259e875183db1fd4357f94296352f2953a1c1536459d6df625222c19feaa392ccd8d9c3b4051960b5c1095bd06e8f8315b6882ae150f99b813fee83dc2

  • SSDEEP

    12288:FlVvIQalIT28m/A4CAa0nuRG4XYB5pYGCP5G:Fl5nalyGzBuk4IB5pY7G

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol:
    smtp
  • Host:
    us2.smtp.mailhostbox.com
  • Port:
    587
  • Username:
    info@wso-security.com
  • Password:
    UWzDeXWsD8

Targets

    • Target

      pago 4094.exe

    • Size

      528KB

    • MD5

      1a0f4cc0513f1b56fef01c815410c6ea

    • SHA1

      a663c9ecf8f488d6e07b892165ae0a3712b0e91f

    • SHA256

      d483d48c15f797c92c89d2eafcc9fc7cbe0c02cabe1d9130bb9069e8c897c94c

    • SHA512

      4251fd4738f6b47a327b1f1d7609aa5af623669734a1fc9ebf5786337d0fbc5142c8176e51f9f2f5869e47bdbbb2f46090f66fb3cea30189d57917b58049f84b

    • SSDEEP

      12288:PXPZDbCo/k+n70P4uR87fD0iBTJj1ijFDTw:hOz+IPz6/PF1ihDTw

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Snakekeylogger family

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, which infostealers often target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks
