General
-
Target
RFQ_FOR_PO.exe
-
Size
1.7MB
-
Sample
210119-t448abh9s6
-
MD5
3696d772035228acb5692f4ff6ad9fd7
-
SHA1
2a2a4e13d861dcf3b31b089ae9b99281dd3d6ef7
-
SHA256
745b655e27656f2b312cfbb28cbe718ea494c503cd96fa63ee65a9a3caa8f939
-
SHA512
802ba65ea3223aa68d17f86023e669a00884fec71f8631b3ed925a2a82967d8cb13b9dfefc13237af50949a22a0c9a0adb4980499aeb4d4418fe2b7454f43101
Malware Config
Targets
-
-
Target
RFQ_FOR_PO.exe
-
Size
1.7MB
-
MD5
3696d772035228acb5692f4ff6ad9fd7
-
SHA1
2a2a4e13d861dcf3b31b089ae9b99281dd3d6ef7
-
SHA256
745b655e27656f2b312cfbb28cbe718ea494c503cd96fa63ee65a9a3caa8f939
-
SHA512
802ba65ea3223aa68d17f86023e669a00884fec71f8631b3ed925a2a82967d8cb13b9dfefc13237af50949a22a0c9a0adb4980499aeb4d4418fe2b7454f43101
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger Payload
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-