General
-
Target
file
-
Size
1.2MB
-
Sample
210125-jnvlkyx2re
-
MD5
fd15f7e050f40bceac74087720bef9c1
-
SHA1
88bc4eff56e875ef5177ff7cc4841cca6360f0fc
-
SHA256
43ef60cadb56aed45b964b3f85827c9557b49f400a972f1cf9e16566e5dcf2d7
-
SHA512
6aae6d25e65eec6f99afed7cc05d478ccf370cfc7d284fd1ce49ef735d115fdba1d9acb36bbed09e8b5523a00b8f1fdda217e17669ade1d8f03085ece42e5394
Malware Config
Targets
-
-
Target
file
-
Size
1.2MB
-
MD5
fd15f7e050f40bceac74087720bef9c1
-
SHA1
88bc4eff56e875ef5177ff7cc4841cca6360f0fc
-
SHA256
43ef60cadb56aed45b964b3f85827c9557b49f400a972f1cf9e16566e5dcf2d7
-
SHA512
6aae6d25e65eec6f99afed7cc05d478ccf370cfc7d284fd1ce49ef735d115fdba1d9acb36bbed09e8b5523a00b8f1fdda217e17669ade1d8f03085ece42e5394
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-