General

  • Target

    b879fea99153e5c103ccffab0bbc0bd018c4fd3eb789ccf9f3fbd98d27a241e6

  • Size

    351KB

  • Sample

    241223-nxdg4szjar

  • MD5

    6b3678dbadb71db489f13395f0cb278f

  • SHA1

    ef5439e9f40a116f2c682f619ebe9863d284f429

  • SHA256

    b879fea99153e5c103ccffab0bbc0bd018c4fd3eb789ccf9f3fbd98d27a241e6

  • SHA512

    3f4fffccac164e413a515b5493dfd5b81d928ea79ade15cadb57d8b496b45e6c70742a32f1a066e41ace7ff7f174fb04c4677d43365d29b73e80145b5e386b2d

  • SSDEEP

    6144:sBWmwSTfa0nrsUNrDElhjgffwKow3OuZVSvU0fTWa5UDw3wT4Y3l2U/1u5O3IEv5:s/wSTfaWrsUNr0kfXBeu+vtx3oQW1uWh
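The two SSDEEP values on this page (the 6144-block signature above for the submitted 351KB sample, and the 12288-block signature listed under Malware Config for MT Eagle Asia 11.exe) can be compared directly: ssdeep only scores signatures whose block sizes are equal or differ by exactly a factor of two, and in the factor-of-two case it matches the second half of the smaller-block signature against the first half of the larger-block one. The Python below is an added example, not part of the sandbox report and not the ssdeep library; it reimplements the published fuzzy_compare algorithm from ssdeep's fuzzy.c (runs of more than three identical characters collapsed, a 7-character common substring required before any score is given, an edit distance with insert/delete cost 1 and substitute cost 2, and the small-block-size cap) so the scoring steps are visible. libfuzzy may differ in edge cases, and the short `abcdef...` signatures in the demo are constructed, not real hashes.

```python
# Added example: an independent reimplementation of ssdeep's fuzzy_compare,
# applied to the two SSDEEP values from the report above. Not the libfuzzy code.
SPAMSUM_LENGTH = 64   # max length of one signature half
ROLLING_WINDOW = 7    # a common substring at least this long is required
MIN_BLOCKSIZE = 3

# The two signatures from the report (submitted sample, extracted target).
SAMPLE_SSDEEP = ("6144:sBWmwSTfa0nrsUNrDElhjgffwKow3OuZVSvU0fTWa5UDw3wT4Y3l2U/1u5O3IEv5"
                 ":s/wSTfaWrsUNr0kfXBeu+vtx3oQW1uWh")
PAYLOAD_SSDEEP = ("12288:6aMaSzOKy2r7SPNcZoQ1+ssLpdWTDnB75wDR+aPPyA5SnAYKEVotiBVU"
                  ":5MaSSKy2/SPNw+RLpmnXwRPPyA545/")


def _parse(sig):
    """'blocksize:hash1:hash2[,"filename"]' -> (blocksize, hash1, hash2)."""
    sig = sig.split(",", 1)[0]
    bs, h1, h2 = sig.split(":", 2)
    return int(bs), h1, h2


def _eliminate_sequences(s):
    """Collapse runs longer than 3 identical characters to exactly 3 (little information in 'LLLLL')."""
    out = []
    for ch in s:
        if len(out) >= 3 and out[-1] == out[-2] == out[-3] == ch:
            continue
        out.append(ch)
    return "".join(out)


def _has_common_substring(s1, s2):
    """True if s1 and s2 share a substring of ROLLING_WINDOW characters."""
    if len(s1) < ROLLING_WINDOW or len(s2) < ROLLING_WINDOW:
        return False
    grams = {s1[i:i + ROLLING_WINDOW] for i in range(len(s1) - ROLLING_WINDOW + 1)}
    return any(s2[i:i + ROLLING_WINDOW] in grams for i in range(len(s2) - ROLLING_WINDOW + 1))


def _edit_distance(s1, s2):
    """Weighted Levenshtein distance: insert 1, delete 1, substitute 2."""
    prev = list(range(len(s2) + 1))
    for i, c1 in enumerate(s1, 1):
        cur = [i]
        for j, c2 in enumerate(s2, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (0 if c1 == c2 else 2)))
        prev = cur
    return prev[-1]


def _score_strings(s1, s2, block_size):
    """Score two signature halves that were computed at the same block size (0..100)."""
    if len(s1) > SPAMSUM_LENGTH or len(s2) > SPAMSUM_LENGTH:
        return 0
    if not _has_common_substring(s1, s2):
        return 0
    score = _edit_distance(s1, s2)
    score = (score * SPAMSUM_LENGTH) // (len(s1) + len(s2))  # normalise to one signature length
    score = (100 * score) // SPAMSUM_LENGTH                   # rescale to 0..100
    score = 100 - score
    # Small block sizes cannot express strong similarity; cap as ssdeep does.
    if block_size >= (99 + ROLLING_WINDOW) // ROLLING_WINDOW * MIN_BLOCKSIZE:
        return score
    return min(score, block_size // MIN_BLOCKSIZE * min(len(s1), len(s2)))


def fuzzy_compare(sig1, sig2):
    """ssdeep-style similarity (0..100) between two full signatures."""
    bs1, a1, b1 = _parse(sig1)
    bs2, a2, b2 = _parse(sig2)
    # Only equal block sizes or a factor-of-two difference are comparable at all.
    if bs1 != bs2 and bs1 != bs2 * 2 and bs2 != bs1 * 2:
        return 0
    a1, b1, a2, b2 = map(_eliminate_sequences, (a1, b1, a2, b2))
    if bs1 == bs2 and a1 == a2 and b1 == b2:
        return 100
    if bs1 == bs2:
        return max(_score_strings(a1, a2, bs1), _score_strings(b1, b2, bs1 * 2))
    if bs1 == bs2 * 2:
        return _score_strings(a1, b2, bs1)   # sig1's first half vs sig2's second half
    return _score_strings(b1, a2, bs2)       # sig1's second half vs sig2's first half


if __name__ == "__main__":
    print("report pair:", fuzzy_compare(SAMPLE_SSDEEP, PAYLOAD_SSDEEP))
    print("one substitution:", fuzzy_compare("96:abcdefghijklmnop:xyz", "96:abcdefghijklmnoq:xyz"))
```

For the report's pair the 12288-block half of the first signature (`s/wSTfaWrsUNr0kfXBeu+vtx3oQW1uWh`) shares no 7-character run with the 12288-block half of the second, so the score is 0: the 351KB sample and the 807KB executable have no fuzzy-hash similarity, which is consistent with their very different sizes and layouts. A non-zero score between a submitted file and its extracted target is the thing to look for, since it indicates a shared template or a light repack rather than a wrapper around an unrelated binary.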

Malware Config

Extracted

Family

snakekeylogger

Credentials

Targets

    • Target

      MT Eagle Asia 11.exe

    • Size

      807KB

    • MD5

      421c6f53652413a316da7e7e0c7f99ad

    • SHA1

      3c7cbca25c2d74a9df7eeda6ea76d999357dd7ad

    • SHA256

      40aa4321d9c06e4d3b35fe22feabb2da29d4375f5848fc895bda33bf0eeeb587

    • SHA512

      7b7251e78e91c00163547fe26f14d3f4441eb10bcac369cbf913bd1c892028ac145a143072e48a8983cfe33fd125746aa9efc8da9695f9287197171c8694e201

    • SSDEEP

      12288:6aMaSzOKy2r7SPNcZoQ1+ssLpdWTDnB75wDR+aPPyA5SnAYKEVotiBVU:5MaSSKy2/SPNw+RLpmnXwRPPyA545/

    • Snake Keylogger

      Keylogger and infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Snakekeylogger family

    • Reads user/profile data of local email clients

      Email clients store account and profile data on disk, where infostealers routinely harvest it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      SetThreadContext overwrites another thread's register state, including its instruction pointer. Debuggers use it legitimately, but after a suspended CreateProcess and WriteProcessMemory into the child it is the classic process hollowing pattern, which is why sandboxes flag it.
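Most of the signatures listed above can be recovered from an API trace of the run: the suspended-child-plus-SetThreadContext injection chain, reads of browser and email-client credential stores, Outlook profile access and the external-IP lookup. The Python below is an added example, not tooling from the sandbox or from this report. The trace lines are constructed to mimic the listed behaviours in an invented `caller_pid;api;key=value` format, and the file names, registry keys and lookup hosts are the well-known locations such stealers commonly touch, not values taken from this sample.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed API trace in a sandbox/API-monitor style, NOT taken from the report:
# one call per line, "caller_pid;api;key=value;key=value;..."
SAMPLE_TRACE = r"""
1000;CreateProcessW;image=C:\Users\victim\Desktop\MT Eagle Asia 11.exe;flags=0x00000004;pid=1312;tid=1320
1000;WriteProcessMemory;pid=1312;addr=0x00400000;size=0x9c00
1000;SetThreadContext;pid=1312;tid=1320
1000;ResumeThread;pid=1312;tid=1320
1312;NtCreateFile;path=C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data
1312;NtCreateFile;path=C:\Users\victim\AppData\Roaming\Thunderbird\Profiles\k3x9.default\logins.json
1312;RegOpenKeyExW;key=HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook
1312;InternetOpenUrlW;url=http://checkip.dyndns.org/
2000;CreateProcessW;image=C:\Windows\System32\notepad.exe;flags=0x00000000;pid=2100;tid=2108
2000;SetThreadContext;pid=2100;tid=2108
"""

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit that starts the child paused
# Well-known credential stores (Chromium and Mozilla) and IP-echo services;
# a real ruleset would carry a longer list.
BROWSER_CRED_FILES = {"login data", "web data", "cookies", "logins.json", "key4.db"}
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "icanhazip.com", "ifconfig.me", "ip-api.com"}
# Outlook/MAPI profile keys: the per-version Office key and the legacy
# Windows Messaging Subsystem location used by older Outlook releases.
OUTLOOK_PROFILES_RE = re.compile(
    r"\\Microsoft\\(Office\\\d+\.\d+\\Outlook|Windows NT\\CurrentVersion\\Windows Messaging Subsystem)\\Profiles",
    re.IGNORECASE,
)


def parse_line(line):
    """Split 'caller;api;k=v;...' into (caller_pid, api, {k: v})."""
    caller, api, *fields = line.split(";")
    attrs = dict(f.split("=", 1) for f in fields)
    return int(caller), api, attrs


def analyze(trace):
    """Return (category, detail) findings in trace order."""
    findings = []
    stages = defaultdict(set)  # child pid -> hollowing stages observed so far
    for line in trace.splitlines():
        if not line.strip():
            continue
        caller, api, a = parse_line(line)
        if api.startswith("CreateProcess"):
            if int(a.get("flags", "0"), 16) & CREATE_SUSPENDED:
                stages[a["pid"]].add("suspended")
        elif api == "WriteProcessMemory" and "suspended" in stages[a["pid"]]:
            stages[a["pid"]].add("written")
        elif api == "SetThreadContext":
            # SetThreadContext on its own is weak evidence (debuggers use it too);
            # suspended create + remote write + context hijack is the hollowing chain.
            if {"suspended", "written"} <= stages[a["pid"]]:
                findings.append(("process_hollowing",
                                 f"pid {caller} hijacked thread {a['tid']} of suspended child {a['pid']}"))
        elif api == "NtCreateFile":
            path = a["path"]
            name = path.rsplit("\\", 1)[-1].lower()
            if "\\thunderbird\\" in path.lower():
                findings.append(("email_client_data", path))
            elif name in BROWSER_CRED_FILES:
                findings.append(("browser_credentials", path))
        elif api.startswith("RegOpenKeyEx") and OUTLOOK_PROFILES_RE.search(a["key"]):
            findings.append(("outlook_profile", a["key"]))
        elif api.startswith("InternetOpenUrl"):
            host = (urlparse(a["url"]).hostname or "").lower()
            if host in IP_LOOKUP_HOSTS:
                findings.append(("external_ip_lookup", host))
    return findings


if __name__ == "__main__":
    for category, detail in analyze(SAMPLE_TRACE):
        print(f"{category:20} {detail}")
```

The last two constructed lines (pid 2000 calling SetThreadContext on a child it started normally) produce no finding: the detector requires the full suspended-create, WriteProcessMemory, SetThreadContext sequence before it reports hollowing, which is the distinction a sandbox's bare "suspicious use of SetThreadContext" signature does not make on its own.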

MITRE ATT&CK Enterprise v15

Tasks