General

  • Target

    Product list Quotation.zip

  • Size

    307KB

  • Sample

    240627-tvv72azbqd

  • MD5

    93be4453708b96f7cfec48745fdb0130

  • SHA1

    bc342be5a50b5d54eb93286dde25a9ca38c334b6

  • SHA256

    15d8bddbe38f971e40e7dabd625d8400e89d71f0057fd3b2a5ca52a86c578117

  • SHA512

    b1c36851e3c7013993b731050f2d822e27c103cb180a96bbaa21b7a2d6d3ced1af50b18754b28ccd07c1582badcf6b85a53c58e1640df3d53ee3a5cafcd0c1a3

  • SSDEEP

    6144:AOrOvqYpYTMwztNHbUNx3U4asqgBoXb1QDM6ut19b6WTZ:frQCTMktJik4aIU2DvuhD

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol

    smtp

  • Host

    mail.valleycountysar.org

  • Port

    587

  • Username

    [email protected]

  • Password

    DKw(r0%wpbd]

C2

http://103.130.147.85

Targets

    • Target

      Product list Quotation.zip

    • Size

      307KB

    • MD5

      93be4453708b96f7cfec48745fdb0130

    • SHA1

      bc342be5a50b5d54eb93286dde25a9ca38c334b6

    • SHA256

      15d8bddbe38f971e40e7dabd625d8400e89d71f0057fd3b2a5ca52a86c578117

    • SHA512

      b1c36851e3c7013993b731050f2d822e27c103cb180a96bbaa21b7a2d6d3ced1af50b18754b28ccd07c1582badcf6b85a53c58e1640df3d53ee3a5cafcd0c1a3

    • SSDEEP

      6144:AOrOvqYpYTMwztNHbUNx3U4asqgBoXb1QDM6ut19b6WTZ:frQCTMktJik4aIU2DvuhD

    • Score

      1/10

    • Target

      Product list Quotation.exe

    • Size

      537KB

    • MD5

      686765a9837993bcd537f331618ca760

    • SHA1

      076f9efc6fec1075f83adbfcd5c659ccde48341d

    • SHA256

      63dbe7d557dc8b87937890df261f61ee69b5c6354aed54d5611baa3e93f66e8e

    • SHA512

      afacb63926fafc52b937194ea2c51ea147157c88ceaf11b37409a1f0faf97121e93711d1acf9be2eb20d2bf7fd7fda8b5275735e4b1488b5d80b7830343ff770

    • SSDEEP

      12288:/lxGPX90OoD9WTcAycaYUDXKrDU0JxxJv/v+FLuSn:m+9WISa1JMxvv/gLB

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Deletes itself

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks