General
-
Target
Zz92XfcijKVXcny.exe
-
Size
1.4MB
-
Sample
210119-blkx44f4c2
-
MD5
bfcd8470a0944381db7660977261f9db
-
SHA1
44c413af5e0479fabb0486151cc6d2bdff33de6a
-
SHA256
ed8596ea2c9c957127281b2a4380c20f6ef825a4f6f0814094975c66bc5ebec1
-
SHA512
e336045d1a8247385d073205fdce676cdac5593af2b6003c8a7b828bf2e2a3eda61da439574721d55cd63b942982278af3c05e78f0d1cd7df388f9134497d45d
Malware Config
Targets
-
-
Target
Zz92XfcijKVXcny.exe
-
Size
1.4MB
-
MD5
bfcd8470a0944381db7660977261f9db
-
SHA1
44c413af5e0479fabb0486151cc6d2bdff33de6a
-
SHA256
ed8596ea2c9c957127281b2a4380c20f6ef825a4f6f0814094975c66bc5ebec1
-
SHA512
e336045d1a8247385d073205fdce676cdac5593af2b6003c8a7b828bf2e2a3eda61da439574721d55cd63b942982278af3c05e78f0d1cd7df388f9134497d45d
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger Payload
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-