Overview

overview

10

Static

static

3

pay09809988.exe

windows7-x64

7

pay09809988.exe

windows10-2004-x64

10

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

jy2091qep.dll

windows7-x64

1

jy2091qep.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    188fbd7c86e1c099bbc4ab79cc9ee935_JaffaCakes118

  • Size

    438KB

  • Sample

    240628-dlpe5axhlc

  • MD5

    188fbd7c86e1c099bbc4ab79cc9ee935

  • SHA1

    b7b70e9cc33ceaa21690379b78ee73e7781a2956

  • SHA256

    fef9364a82823b9d1a9dbee06a202bd7914c6414a8857311ec338fbd2eb2261c

  • SHA512

    dca1f5ce1e3a3e44f8b0b06d5f515654c5b2fd8baa72c46d5692878b1df780f3dbc9a6082e3af936c079cb7d7c1ecb25a265efc6456045c8b3fcecd76bcff6c1

  • SSDEEP

    12288:dwUv6vwAIpiXX1KJe9q/QkCLFhoQxI1JeJ/pKSQb9l8su:dwUAdX1KJ8q/QklrCxSfu

Score
10/10
snakekeyloggercollectionkeyloggerstealer

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol:     smtp
  • Host:
    mail.potagrup.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Pgrup@2021

Targets

    • Target

      pay09809988.exe

    • Size

      452KB

    • MD5

      dc83500f11eef58ddbb21c9dd2d17729

    • SHA1

      46b0de105332e090806d5e95f38ee0a33c10ad3b

    • SHA256

      2160a2fba2efc22751b82cebb9d4ce21dfe35782cfb21bbf512687f413b80e65

    • SHA512

      b1289ae61523b0e170a434361e727bf5e0e0043c4596214b4823e6c961ace6a61b796adcbd459cbdcddab3c7d9ff3236ad81a9d88f8a9ca31206a90fb1c127ad

    • SSDEEP

      12288:RH06XwKIhiXX1oJMdqvEu6XFhCQxy1Hex/pKAQb9NsAm:9frX1oJwqvEujh2xiBm

    Score
    10/10
    snakekeyloggercollectionkeyloggerstealer

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

      stealerkeyloggersnakekeylogger

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      fccff8cb7a1067e23fd2e2b63971a8e1

    • SHA1

      30e2a9e137c1223a78a0f7b0bf96a1c361976d91

    • SHA256

      6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e

    • SHA512

      f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c

    • SSDEEP

      192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4

    Score
    3/10
    behavioral3behavioral4

    • Target

      jy2091qep.dll

    • Size

      18KB

    • MD5

      a393df2af4708ff2592687ff4ee343b9

    • SHA1

      19b5212fc5dbd673f7e4f78c52b6c0ea33121d85

    • SHA256

      eea2ac27c7db126176b9cbf245328c9acb06665995f1212cc28792304ca3f6f5

    • SHA512

      b960e1ad593a17d94cacec2ef4e30c1b17b69469e3f1a0b26d992dce1ef697078a466bd1bde5779373bae6ff5b35c39a13f818c03c4a3a3eacda051b44ea0491

    • SSDEEP

      384:WkZm9ZV/dm0q96GA2P0ICNPBRJyCmyCtQV2djVh2:WkZaZVd/qSkQHDlV2djV

    Score
    3/10
    behavioral5behavioral6

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks