General

  • Target: c22373df43abb6b72c0399a20f7c1c98c5affe0ca60e545223428aae48c82b04.exe
  • Size: 589KB
  • Sample: 250207-r98qkavpd1
  • MD5: 84d8c23ba97d01959bbbcf2643b39c93
  • SHA1: 18c4a0f3d086d03b7b43fdf9da23148b69140b54
  • SHA256: c22373df43abb6b72c0399a20f7c1c98c5affe0ca60e545223428aae48c82b04
  • SHA512: 37330d0c686f116db0b03b76114c412e1b525ab9fe8620fb2c7898a0f9e24c0b1d8c48bc1e6b22f4a2e705c3c4c651fd2d6e7247751bd7b453e0d9955ab42811
  • SSDEEP: 12288:jjWa+Rv3h4AXOAmLO27gNAEpHGxrDDpQ37VYD1Gmywi6SAsKHa:QkAya29+HGlDDpKuD16w9sw

Malware Config

Extracted

Family: snakekeylogger

Credentials

Targets

    • Target: c22373df43abb6b72c0399a20f7c1c98c5affe0ca60e545223428aae48c82b04.exe
    • Size: 589KB
    • MD5: 84d8c23ba97d01959bbbcf2643b39c93
    • SHA1: 18c4a0f3d086d03b7b43fdf9da23148b69140b54
    • SHA256: c22373df43abb6b72c0399a20f7c1c98c5affe0ca60e545223428aae48c82b04
    • SHA512: 37330d0c686f116db0b03b76114c412e1b525ab9fe8620fb2c7898a0f9e24c0b1d8c48bc1e6b22f4a2e705c3c4c651fd2d6e7247751bd7b453e0d9955ab42811
    • SSDEEP: 12288:jjWa+Rv3h4AXOAmLO27gNAEpHGxrDDpQ37VYD1Gmywi6SAsKHa:QkAya29+HGlDDpKuD16w9sw

    • Snake Keylogger
      Keylogger and Infostealer first seen in November 2020.
    • Snake Keylogger payload
    • Snakekeylogger family
    • Accesses Microsoft Outlook profiles
    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks