General

  • Target

    0205fe188cca89c74ac36bb64deb5a02bcf3d257da762f757c85dc02a73c5772

  • Size

    535KB

  • Sample

    250130-vd8bpsxkbt

  • MD5

    232903974724dc9a6f88edb34d0231f5

  • SHA1

    b2ff5a048866683f06bc9654213a52c73bb86ffd

  • SHA256

    0205fe188cca89c74ac36bb64deb5a02bcf3d257da762f757c85dc02a73c5772

  • SHA512

    8d0847aae44ad4beef4f7faa5030e641803c6fb6a8d4083137169ab3ac1645a44a488dadf45a5ceadf2d2fc3f6e787a52fba3be2fdbbdf35adaade7b66ffb03d

  • SSDEEP

    12288:O6iXwHyBWuBAqGoIec4RZcJVFpMcS9SN/3tlmtWI1m3:ONwSBWuBAiZcRpMpu3Ou3

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol:
    smtp
  • Host:
    mail.privateemail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Leternel01@

Targets

    • Target

      Atteched Request.exe

    • Size

      618KB

    • MD5

      d3b15e236df60a0e551bf21a26718250

    • SHA1

      66626b523351b325c5d58569ec29d6a197698345

    • SHA256

      dbc06aa2f5d8c73c079f19b7799691da6109b3a2afa2ea066c90afbab963acc2

    • SHA512

      c4727719c3ec92599e6b0db89c197d102bccc1600c67089ec01bdf3cf1b075b79154febb29b69ac5303495f0859353a527a8583aee5e4ede8e217529e2b4c6b1

    • SSDEEP

      6144:5o5JyDt117h5r2V96LUAqGMkMaAxfdXLJHOoOyX9nK6OyJvW/SNRaOlmDD9LGwYd:5RGGUAqGmJd9n1OyJOKtlm9pYr+0

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Snakekeylogger family

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15