Snip3 Malware
Common Information
| Type | Value |
|---|---|
| UUID | c68e6857-3d2f-4d4a-bea7-c40cfd941583 |
| Fingerprint | 7cc1f4b56c7ee2ec62a1e56d84b12811505d479b0bcc0d4b6309d8c98bb51ef6 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Nov. 17, 2021, 8:24 p.m. |
| Added to db | May 26, 2024, 7:06 p.m. |
| Last updated | Aug. 31, 2024, 8:53 a.m. |
| Headline | Snip3 Malware |
| Title | Snip3 Malware |
| Detected Hints/Tags/Attributes | 106/3/84 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 56 | vb.net |
|
| Details | Domain | 5 | projfud.pa |
|
| Details | Domain | 2 | e29rava.ddns.net |
|
| Details | Domain | 1 | blackbladeinc52.ddns.net |
|
| Details | Domain | 1 | 001secure.ddns.net |
|
| Details | Domain | 1 | www3-verify3m.ddns.net |
|
| Details | Domain | 1 | lucidair.ddns.net |
|
| Details | Domain | 3 | franco.ddns.net |
|
| Details | Domain | 1 | shakal2.ddns.net |
|
| Details | Domain | 1 | citizensacctverify.ddns.net |
|
| Details | Domain | 1 | www3-verify5t.ddns.net |
|
| Details | Domain | 1 | verify-customer00.ddns.net |
|
| Details | Domain | 1 | ryanoo1337.ddns.net |
|
| Details | Domain | 4 | cisomag.eccouncil.org |
|
| Details | Domain | 1373 | twitter.com |
|
| Details | Domain | 1 | 2fcisomag.eccouncil.org |
|
| Details | Domain | 138 | www.securityweek.com |
|
| Details | Domain | 31 | blog.morphisec.com |
|
| Details | File | 2 | details.vbs |
|
| Details | File | 2 | 01.ps1 |
|
| Details | File | 1 | startupsys.vbs |
|
| Details | File | 6 | file.bin |
|
| Details | File | 18 | stub.exe |
|
| Details | File | 103 | regasm.exe |
|
| Details | File | 3 | startup.vbs |
|
| Details | File | 83 | sbiedll.dll |
|
| Details | File | 54 | dbghelp.dll |
|
| Details | File | 21 | api_log.dll |
|
| Details | File | 19 | dir_watch.dll |
|
| Details | File | 18 | pstorec.dll |
|
| Details | File | 10 | vmcheck.dll |
|
| Details | md5 | 1 | 115AA316A05965A8B09DA27AA328D259 |
|
| Details | md5 | 1 | 87676329CDD93D38B4F5640556C543E8 |
|
| Details | md5 | 1 | 942078A103320EF24D03CB5992D69E2F |
|
| Details | md5 | 1 | 109BC0B49BA4CE5DA971CF444EB18A3E |
|
| Details | sha256 | 1 | 42c04f36d21be3f9ecb755d3884dddb783b04c7b8dfa94903a0b32ae63bc85f6 |
|
| Details | sha256 | 1 | 82a3ac360c8d78df9c78381f49b2f5d99f9d335bf05fa08135e614265c2bed02 |
|
| Details | sha256 | 1 | 230da3c81c2fa6775bf81a43103e79424ad7483ca1946b70b09fdf462a7f95bc |
|
| Details | sha256 | 1 | 2c87d55e34d01cebb7e4a3d434c2207794bb0d319692e85c453b9da04ab6ee7d |
|
| Details | sha256 | 1 | a0f258884b2e191ac6c24614756770023e955fb5b7430836c14275dcf5f3fcd4 |
|
| Details | sha256 | 1 | 19470ceb697cfe1039f344962da8fe0b1fe484bd0488db00afef27816ee62ae6 |
|
| Details | sha256 | 1 | 48f7d8b31155f89698511479fa718a7c37eb1e141a07ec066b6f5ea45226ddc7 |
|
| Details | sha256 | 1 | 13cad19e58cb7d6ac1752e14b986960acf423661d16245068c60810685bc4fed |
|
| Details | sha256 | 1 | 17a05c09e0000294653d7e9ecb38e36b14e14f3fe371a2f8273535b2dca0c655 |
|
| Details | sha256 | 1 | c9abbb1aeea178e8c8626f85bece0c7d928f0aed2b693a01ade75041015c3ee3 |
|
| Details | sha256 | 1 | c5f2eef5e4caca4a1e30c48f0b4caf9094a2a6a0cca786bf1311d56f8f1c5e31 |
|
| Details | sha256 | 1 | 498295e3315135384e839b4e27850215d05510bd7dccff28af347d60e5ce9c1b |
|
| Details | sha256 | 1 | a6422e864518b38336da336d15e97ab9e2040bf7c4f28fd80827a8e11ad388d4 |
|
| Details | sha256 | 1 | 7d6788ad0f5411310d02f7e24fe1bc127c0f7c502ef587c585d92e040c37d188 |
|
| Details | sha256 | 1 | 6e0eea6d05ec7748d580bed970cb0dff17fcb77073ba777e3ebc06818216f536 |
|
| Details | sha256 | 1 | 3ed9eeabf83f5155c9741cb79eeb121df08feafe8c4e55ec5037fe05cdc4ccbf |
|
| Details | sha256 | 1 | cadc53c72ec5abe2646caf068b06c4abc325216b04879ef719e0b5b8f2140daf |
|
| Details | sha256 | 1 | 9aca4e93536411593d4b1ee738630811d3d93311bbef43561665fe99c99840d1 |
|
| Details | sha256 | 1 | 0f05bb1a65af5bedf405354728aba4f9b021269b3f96a96ded24702688fd7f72 |
|
| Details | sha256 | 1 | 365e09bff859439d5de586c49351cd971bf9fba653e87c89e1cb45c026a66ff3 |
|
| Details | MITRE ATT&CK Techniques | 238 | T1497 |
|
| Details | MITRE ATT&CK Techniques | 97 | T1497.001 |
|
| Details | MITRE ATT&CK Techniques | 409 | T1566 |
|
| Details | MITRE ATT&CK Techniques | 310 | T1566.001 |
|
| Details | MITRE ATT&CK Techniques | 183 | T1566.002 |
|
| Details | MITRE ATT&CK Techniques | 695 | T1059 |
|
| Details | MITRE ATT&CK Techniques | 460 | T1059.001 |
|
| Details | MITRE ATT&CK Techniques | 333 | T1059.003 |
|
| Details | MITRE ATT&CK Techniques | 137 | T1059.005 |
|
| Details | MITRE ATT&CK Techniques | 480 | T1053 |
|
| Details | MITRE ATT&CK Techniques | 310 | T1047 |
|
| Details | MITRE ATT&CK Techniques | 440 | T1055 |
|
| Details | MITRE ATT&CK Techniques | 86 | T1055.012 |
|
| Details | MITRE ATT&CK Techniques | 433 | T1057 |
|
| Details | MITRE ATT&CK Techniques | 197 | T1489 |
|
| Details | MITRE ATT&CK Techniques | 65 | T1069 |
|
| Details | MITRE ATT&CK Techniques | 247 | T1070 |
|
| Details | MITRE ATT&CK Techniques | 297 | T1070.004 |
|
| Details | MITRE ATT&CK Techniques | 179 | T1087 |
|
| Details | MITRE ATT&CK Techniques | 141 | T1219 |
|
| Details | MITRE ATT&CK Techniques | 207 | T1547 |
|
| Details | MITRE ATT&CK Techniques | 96 | T1132 |
|
| Details | MITRE ATT&CK Techniques | 1006 | T1082 |
|
| Details | MITRE ATT&CK Techniques | 149 | T1102 |
|
| Details | Url | 1 | https://cisomag.eccouncil.org/snip3-a-new-crypter-as-a-service-that-deploys-multiple- |
|
| Details | Url | 1 | https://twitter.com/msftsecintel/status/1392219299696152578?ref_src=twsrc%5etfw% |
|
| Details | Url | 1 | https://www.securityweek.com/microsoft-warns-attacks-aerospace-travel-sectors |
|
| Details | Url | 1 | https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader |
|
| Details | Url | 2 | https://twitter.com/unit42_intel/status/1382729698791284736 |