General
-
Target
00000000987772021.exe
-
Size
793KB
-
Sample
210119-728bxkhrd6
-
MD5
c11c5375e304a5f8bf9cd85bf4c26758
-
SHA1
e4e86d5abe6902beb3f60fb5e57a55bbe52a179a
-
SHA256
c3651ed2c59e56af93418b56a8fc12fd557d37f5905ac00fd8885f748af97c38
-
SHA512
853961fdb5be5adfb2b3e2d2d44c1741003d2b760384684daeceae0238da074ff2c8b244f7dc98cf26dac2d3ea4427bd02e04e0bf5bde412a646ebabb76f9234
Malware Config
Targets
-
-
Target
00000000987772021.exe
-
Size
793KB
-
MD5
c11c5375e304a5f8bf9cd85bf4c26758
-
SHA1
e4e86d5abe6902beb3f60fb5e57a55bbe52a179a
-
SHA256
c3651ed2c59e56af93418b56a8fc12fd557d37f5905ac00fd8885f748af97c38
-
SHA512
853961fdb5be5adfb2b3e2d2d44c1741003d2b760384684daeceae0238da074ff2c8b244f7dc98cf26dac2d3ea4427bd02e04e0bf5bde412a646ebabb76f9234
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-