General

  • Target

    57cb0d1fbbe7e57e906d9bec624ff50f.bin

  • Size

    486KB

  • Sample

    240702-bval8a1fme

  • MD5

    a0e379bd01718716892be7a5e213b8e6

  • SHA1

    9e996468f3ed2ffff559d71ee217a786fb3d4dab

  • SHA256

    1f8342bea464ddc4c770b47680e14f5ebe39e19871bf9ef91ef2d096c1193df5

  • SHA512

    6abc8c2ea5f23b516984c6cc51239ce0ddba613eb9eda80d5a99a960c76b1efbaf68eb16d0aba2b419bdf6858a26951f2b8f72a243cc712b16e65d59556d28f4

  • SSDEEP

    12288:ojZB+AqQnVl3z8OdJPdXWdvl2hHyx1tmesf3jztvG:oO0Vl37SkHq1tVsfF+

Malware Config

Extracted

Family

snakekeylogger

Credentials

  • Protocol:
    smtp
  • Host:
    valleycountysar.org
  • Port:
    26
  • Username:
    [email protected]
  • Password:
    fY,FLoadtsiF

Targets

    • Target

      235feecbf39c506144e406ee52d764d830e5124d113280a5e339bf3bdee978a5.exe

    • Size

      3.0MB

    • MD5

      57cb0d1fbbe7e57e906d9bec624ff50f

    • SHA1

      d8eeb1c8e4530d619c7a5927fec5fcc892e0b24f

    • SHA256

      235feecbf39c506144e406ee52d764d830e5124d113280a5e339bf3bdee978a5

    • SHA512

      7d0be14e10f4174648cb597b9f8b32883088b9fed59cd4812339cdb379746e49b58dfb357d733fcb9b73c725451b64f6588e328518091b6311ef38c1dc41d886

    • SSDEEP

      12288:RaoerDVWSJRvp61xGNoQOgR4FeGQ5fzF2M9PbxyWnnMRGIliKj:RinVl1Yeo0R4FeHX2qwRFj

    • Snake Keylogger

      Keylogger and infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext