General

  • Target

    Prouduct list Specifictions.exe

  • Size

    521KB

  • Sample

    240626-fzkp7szelj

  • MD5

    0f5dbbcec11e8e01acc9e3b02b010cc3

  • SHA1

    490d9c37c2c06207673ee07d90bc22a96a350153

  • SHA256

    a61b8857fefeb2a83320602783840bb8ab8caa38d1adea619d19702848bab562

  • SHA512

    fafce6a195f1883f4e00e96cf0f8aba15ab8e0af002d7feeab9b733129cff86fcb530bba92c655247e8afa57bba3a8d53162cde8eafd7ca2a92d660836fe59bd

  • SSDEEP

    12288:c5kndmIC6+3dHz407xhuvQwS3Hym6nZ+8HAL2oh:HngIC6+NTZhrwS3Ha/HAL1h

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol:
    smtp
  • Host:
    valleycountysar.org
  • Port:
    26
  • Username:
    [email protected]
  • Password:
    fY,FLoadtsiF

Targets

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

Credential Access

  • Unsecured Credentials (T1552): 2
    • Credentials In Files (T1552.001): 2

Collection

  • Data from Local System (T1005): 2
  • Email Collection (T1114): 1

Tasks