Overview

overview

10

Static

static

3

Product li...on.zip

windows7-x64

1

Product li...on.zip

windows10-2004-x64

1

Product li...on.exe

windows7-x64

10

Product li...on.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Product list Quotation.zip

  • Size

    307KB

  • Sample

    240627-tq8ybszakf

  • MD5

    6b5a9e362159c6493d0cd78fbb3fe7df

  • SHA1

    e83e2312afe1355fed68d5548d5aa2d5c32819f1

  • SHA256

    3196946120c708992d9ed8798abd40a32a8794349fd65a0e5b2afb4612c9d9f8

  • SHA512

    1b624cc2e6e3fc9da29e8595d25d601536e95492ac06e8142859d84f548bee8765f65db53e86b2e4b09ecb94a54d1355fad64123ce6cdb1608635730381fda6c

  • SSDEEP

    6144:4Ovv45IrQzV5/p7K0DS7KJpLRk9937jxfGQjUVx3k1Yco1zyb0MuEBut184mjJ2E:n3SV5/pO0DS2ujxBgC7bluQuulb

Score
10/10
snakekeyloggerkeyloggerstealer

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol:     smtp
  • Host:
    mail.valleycountysar.org
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    DKw(r0%wpbd]
C2

http://103.130.147.85

Targets

    • Target

      Product list Quotation.zip

    • Size

      307KB

    • MD5

      6b5a9e362159c6493d0cd78fbb3fe7df

    • SHA1

      e83e2312afe1355fed68d5548d5aa2d5c32819f1

    • SHA256

      3196946120c708992d9ed8798abd40a32a8794349fd65a0e5b2afb4612c9d9f8

    • SHA512

      1b624cc2e6e3fc9da29e8595d25d601536e95492ac06e8142859d84f548bee8765f65db53e86b2e4b09ecb94a54d1355fad64123ce6cdb1608635730381fda6c

    • SSDEEP

      6144:4Ovv45IrQzV5/p7K0DS7KJpLRk9937jxfGQjUVx3k1Yco1zyb0MuEBut184mjJ2E:n3SV5/pO0DS2ujxBgC7bluQuulb

    Score
    1/10
    behavioral1behavioral2

    • Target

      Product list Quotation.exe

    • Size

      537KB

    • MD5

      f081e31b399dbf3450b468662bb4a124

    • SHA1

      27385cfd3fc7796b33c2fa54e8728c67e39b44d2

    • SHA256

      e855e16a669ed33674c20481a0a80dc4c6b77e50c0091a1f852a655336a5dd1e

    • SHA512

      97056229574e32de6e63162767fdf261bc7b5a3188c072dd0f416f238e46cb3a096d8f7dfc8b0c358f2c0156303910ebf67909f36fd350dc2de5201ce4184267

    • SSDEEP

      12288:/F2QYt9sMIqiTxNEz3AcdYMGJv/v+CLuSn:t2QEv0jEjDEv/HLB

    Score
    10/10
    snakekeyloggerkeyloggerstealer

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

      stealerkeyloggersnakekeylogger

    • Snake Keylogger payload

    • Deletes itself

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Tasks