Overview

overview

10

Static

static

3

Contract_0103.exe

windows7-x64

10

Contract_0103.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    09012025_1058_08012025_Contract_0103.bz

  • Size

    621KB

  • Sample

    250109-m3bd9szpbp

  • MD5

    290e6ed37acdc6de0a4ec3a9d1730795

  • SHA1

    0dcf5c85e27448098ab99530e3ba1544b8f805f6

  • SHA256

    9341ed285a5e894095430766621508822d6973ef98bfc442336de526c8ad762e

  • SHA512

    d6e1ec8c15d568f1937c65f6863f84b0e7c216ee0b982fc13b36938f5a18804b9581ad05a30532f3b302872d1ed81b3011ad989ba0293a0e8f94c38c7fad8199

  • SSDEEP

    12288:9t429YjI3lynWUzPFJ0N/VjHDhmOB682FXDfz16T3guGSx0TjjpbEZNe:ijI3dU7g/VjdmOBq6T3g9XaNe

Score
10/10
snakekeyloggercollectiondiscoveryexecutionkeyloggerspywarestealer

Malware Config

Extracted

Family

snakekeylogger

Credentials

Targets

    • Target

      Contract_0103.exe

    • Size

      705KB

    • MD5

      c83ee1a2f029b861a6a66ea25e2ae356

    • SHA1

      97b083bf9f6b797d328bc37f43eabcfdd007c3eb

    • SHA256

      e4f2a7707dc8781db5279fef6f56adf628981b82c6b9640f82af0f7decce8626

    • SHA512

      113764c1599dafc25b5e3d5ab1aafe5dfc62cf1b832e6f6794f19cace61cb9ac5b35f3c19e25a0f536f2539ed07d3a462ebb3bfc04bd293ad7f62e39a337cd96

    • SSDEEP

      12288:wIq4E6mfJiLl9yWcbQkpClSxCxC61F9SDc8GFXDfL16T3gu+kx0TpvpKRZNi2L:DEkD+pCljC6X9WG6T3g1JRw

    Score
    10/10
    snakekeyloggercollectiondiscoveryexecutionkeyloggerspywarestealer

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

      stealerkeyloggersnakekeylogger

    • Snake Keylogger payload

    • Snakekeylogger family

      snakekeylogger

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks