General

  • Target

    0c5a964f9cbf2fec077302e6baa7316f.bin

  • Size

    484KB

  • Sample

    240702-bdd83s1aph

  • MD5

    b0b2b923715bb70bcf554992a3325bd4

  • SHA1

    879946d6549479067ac1f5ce74dc3ce42472f44e

  • SHA256

    1d9f675236f0a1cc224f9c876e929f947cb422311f7d8bff91a26ab69bb25d66

  • SHA512

    c4806871c733ffece443b0f67a172b9dfa3a2cc25b8545a585b6522b5b8f26ae549b74df7f8d76ee2e5c563fef0255358c9521ff6c196198476759fa252807b6

  • SSDEEP

    6144:XTnv7USvg2qooUqFXOpS7hjx27+X5UbsLE5bjhqrBngxTac3XKAWUiQxMoMET7vC:jDU52qqkepEx761vqKNHvTLMo5USPfI

Malware Config

  • Family

    snakekeylogger

Credentials

  • Protocol:
    smtp
  • Host:
    valleycountysar.org
  • Port:
    26
  • Username:
    [email protected]
  • Password:
    fY,FLoadtsiF

Targets

    • Target

      dd93e71cdd590d9c74d24a1b822948e7501b7a38df590d4d52ddf3e862a0cb2d.exe

    • Size

      1.8MB

    • MD5

      0c5a964f9cbf2fec077302e6baa7316f

    • SHA1

      d0593ff771d4cf489903b807aa93f29f5a51f0b5

    • SHA256

      dd93e71cdd590d9c74d24a1b822948e7501b7a38df590d4d52ddf3e862a0cb2d

    • SHA512

      4947d5c0632be00af4ae33700eb85a82daea3f2e1a373b8e454a7103a6959e7f31b973c135ae498b3c70da1c12cdf3482bf43ad3abf92ce7af3f3a54d47a6817

    • SSDEEP

      12288:g6R0Jt0zWWrUufKjFokZGX+KxITevb8OaAN:gi0Jt9W6FovBx3DV

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
