General

  • Target

    62dc32408fe1ad6e37af98334cf40b1a.bin

  • Size

    296KB

  • Sample

    240701-cgn35awdrn

  • MD5

    8dcd890449a2622758b978db7a2052f2

  • SHA1

    4a579be5e76131f056bb621d53e27b283a5bdb22

  • SHA256

    9b6dc356a6b0660585eeea06dabad188ad947f6e37bdc3103a7804cbb55d3a80

  • SHA512

    f190845b47ff8de1600570af7a40766116d7b057ad6ab39bff302335349990083c4e20412f21db6bac8c3a3657e8e04714b7b42bb0e3b99208b93f2831733ba3

  • SSDEEP

    6144:IFROjUr+QFuKZSlXInkKsc1f03W8J8GSOCIorEo5rFW0W0sJBZfoHv/Au:jArDTglXIZs20Lm7rRrFW0/sJrwHv/P

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol

    smtp

  • Host

    valleycountysar.org

  • Port

    26

  • Username

    [email protected]

  • Password

    fY,FLoadtsiF

Targets

    • Target

      438c9ce6e0b21ec7623f86a2f3e7f1810df1afce1515a5f24d1453a5cacdd74d.exe

    • Size

      482KB

    • MD5

      62dc32408fe1ad6e37af98334cf40b1a

    • SHA1

      ffdf293a119e9cdc670a13c9a40a46185a9701da

    • SHA256

      438c9ce6e0b21ec7623f86a2f3e7f1810df1afce1515a5f24d1453a5cacdd74d

    • SHA512

      3bdfb9da5ebc93ba13289b9fb357390d192d1ba3fa1d4f79b93b31ee28b0100ce8569701d40aea02d6ab1f3b5231d051e8f46ec263985496ee45c367ae023a13

    • SSDEEP

      6144:wXuAPKb4NrWk4xaOD0503DvoveWR2HyVR8pOIf4sLPxRRi+gtM9Af7zCTC6qbGk1:wXuBCrWfxakYeWRx8pz7RRIkU0Dq

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks