General
-
Target
27970a1a59a9e4f39aed843e55e31ae0.exe
-
Size
1.5MB
-
Sample
210118-6v4bsst6ce
-
MD5
27970a1a59a9e4f39aed843e55e31ae0
-
SHA1
c1c54be2a890bc5174b9a94d19385d3c9e9f8b8a
-
SHA256
30eb1963753aa4a9d4987f1e43c684d91b1b9ca11202a7f751bc621a0149cb19
-
SHA512
0fbb5bbb642b8230a2c18dd06cf930fab67fd1e3b6b461a2560b7464d9f557723d9fe813ebcafb5b7400be1e45f8bb275056f500523d9d740f4251ebde9f15ae
Malware Config
Targets
-
-
Target
27970a1a59a9e4f39aed843e55e31ae0.exe
-
Size
1.5MB
-
MD5
27970a1a59a9e4f39aed843e55e31ae0
-
SHA1
c1c54be2a890bc5174b9a94d19385d3c9e9f8b8a
-
SHA256
30eb1963753aa4a9d4987f1e43c684d91b1b9ca11202a7f751bc621a0149cb19
-
SHA512
0fbb5bbb642b8230a2c18dd06cf930fab67fd1e3b6b461a2560b7464d9f557723d9fe813ebcafb5b7400be1e45f8bb275056f500523d9d740f4251ebde9f15ae
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-