General

  • Target

    tmpiimfce3e

  • Size

    521KB

  • Sample

    240628-rkjedawhlp

  • MD5

    426555bcad5afe20ed0cbaac5fd720da

  • SHA1

    94e217ac539bfc830581dcf56aa03f8c7bf926be

  • SHA256

    3c6b18f1ed97b080e9e72e66141d089a43db9698320854382009ef1b9d5ccc16

  • SHA512

    95e0d69324f726531076af5076f1e97d3120dba3a30a9df2b68269f1d36526429d0e6bad198e29a8eeac36952e1b335ce1f3a9cb0a61e7b2d9d1372cd59a44de

  • SSDEEP

    12288:c5kndm6oduitZWCxbLzRyCQSB2NcSpUbubuF4a0kR9:Hng6oQiSCJM/S2Ptg4hkR9

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol: smtp
  • Host: valleycountysar.org
  • Port: 26
  • Username: [email protected]
  • Password: fY,FLoadtsiF

Targets

    • Target

      tmpiimfce3e

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks