General
-
Target
sun.exe
-
Size
1.1MB
-
Sample
210117-46e83bxe6e
-
MD5
535fa9072ad404e7f39b1adb9f83c780
-
SHA1
baa36efbfc5732e2dbc9d5e07a7ad0d255bb4fbe
-
SHA256
622b255f7552f990c5d1f97c3ec9fad77b589b88961deec7b691794d81a7b9b4
-
SHA512
516f52cd2dda7a1f4fd6693f9080e3ffac63ba3b2882d92f65746cf134283a66c4675375483772add15416c616f98c05d7e250bb9ca1c63229b1def71cd9b8e0
Malware Config
Targets
-
-
Target
sun.exe
-
Size
1.1MB
-
MD5
535fa9072ad404e7f39b1adb9f83c780
-
SHA1
baa36efbfc5732e2dbc9d5e07a7ad0d255bb4fbe
-
SHA256
622b255f7552f990c5d1f97c3ec9fad77b589b88961deec7b691794d81a7b9b4
-
SHA512
516f52cd2dda7a1f4fd6693f9080e3ffac63ba3b2882d92f65746cf134283a66c4675375483772add15416c616f98c05d7e250bb9ca1c63229b1def71cd9b8e0
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger Payload
-
Drops startup file
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-