General

  • Target

    Invoice DHL - AWB 2024 E4001 - 0000731.exe

  • Size

    44KB

  • Sample

    241220-lbbehsvjdt

  • MD5

    1147fdf9a4f5f4dcdbdd6c080c88e083

  • SHA1

    753e81bcdb1750a4cc0d34093fe2cd5f5512d77a

  • SHA256

    4ec5b3be5d6a5039ec5c725a8da4290f6faf51e744c4b6441c9e625dbe7cc88e

  • SHA512

    1bcae2918af561663d07fe3ebf1caa7f4d921185b8cf62ee93e70c7df6142cd07163eaf50000d6b516b9215aee09d04b9f5a579fcd5f655895d0ffd5ede534b7

  • SSDEEP

    768:1IVFJHupNktBnTqwCRMrhmwpdueYN2/JRFHvOrogqT1Udf18KUknBAJ7:1IFHupNkvTqw2ghmwHYNchvO8gq6fVUt

Malware Config

Extracted

Family

snakekeylogger

Credentials

Targets

    • Target

      Invoice DHL - AWB 2024 E4001 - 0000731.exe

    • Size

      44KB

    • MD5

      1147fdf9a4f5f4dcdbdd6c080c88e083

    • SHA1

      753e81bcdb1750a4cc0d34093fe2cd5f5512d77a

    • SHA256

      4ec5b3be5d6a5039ec5c725a8da4290f6faf51e744c4b6441c9e625dbe7cc88e

    • SHA512

      1bcae2918af561663d07fe3ebf1caa7f4d921185b8cf62ee93e70c7df6142cd07163eaf50000d6b516b9215aee09d04b9f5a579fcd5f655895d0ffd5ede534b7

    • SSDEEP

      768:1IVFJHupNktBnTqwCRMrhmwpdueYN2/JRFHvOrogqT1Udf18KUknBAJ7:1IFHupNkvTqw2ghmwHYNchvO8gq6fVUt

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Snakekeylogger family

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks