General

  • Target

    40aa4321d9c06e4d3b35fe22feabb2da29d4375f5848fc895bda33bf0eeeb587.exe

  • Size

    807KB

  • Sample

    241224-d7neys1mhr

  • MD5

    421c6f53652413a316da7e7e0c7f99ad

  • SHA1

    3c7cbca25c2d74a9df7eeda6ea76d999357dd7ad

  • SHA256

    40aa4321d9c06e4d3b35fe22feabb2da29d4375f5848fc895bda33bf0eeeb587

  • SHA512

    7b7251e78e91c00163547fe26f14d3f4441eb10bcac369cbf913bd1c892028ac145a143072e48a8983cfe33fd125746aa9efc8da9695f9287197171c8694e201

  • SSDEEP

    12288:6aMaSzOKy2r7SPNcZoQ1+ssLpdWTDnB75wDR+aPPyA5SnAYKEVotiBVU:5MaSSKy2/SPNw+RLpmnXwRPPyA545/

Malware Config

Extracted

Family

snakekeylogger

Credentials

Targets

    • Target

      40aa4321d9c06e4d3b35fe22feabb2da29d4375f5848fc895bda33bf0eeeb587.exe

    • Size

      807KB

    • MD5

      421c6f53652413a316da7e7e0c7f99ad

    • SHA1

      3c7cbca25c2d74a9df7eeda6ea76d999357dd7ad

    • SHA256

      40aa4321d9c06e4d3b35fe22feabb2da29d4375f5848fc895bda33bf0eeeb587

    • SHA512

      7b7251e78e91c00163547fe26f14d3f4441eb10bcac369cbf913bd1c892028ac145a143072e48a8983cfe33fd125746aa9efc8da9695f9287197171c8694e201

    • SSDEEP

      12288:6aMaSzOKy2r7SPNcZoQ1+ssLpdWTDnB75wDR+aPPyA5SnAYKEVotiBVU:5MaSSKy2/SPNw+RLpmnXwRPPyA545/

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Snakekeylogger family

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks