General
-
Target
SecuriteInfo.com.Trojan.Packed2.42783.9831.18705
-
Size
1.2MB
-
Sample
210128-hgm9zjh67e
-
MD5
263f0b35e5768e624a84ac122bbf6a8c
-
SHA1
53b6283cf3fe925f008ff5e75bb9f59ec115e0db
-
SHA256
37ba2407fcedfb820ba97763e2fb4799604a7085a60d48f69de9583fe87eb9f3
-
SHA512
3cc99c5e89bc9443fb78e7ffd09efd5bd846fde48cbbbaf2ef4ff41f39a393b3e5660f74117113f9dee9540a1c5f4ba07e54d17790eda1375c13af3ddcfe4fa1
Malware Config
Targets
-
-
Target
SecuriteInfo.com.Trojan.Packed2.42783.9831.18705
-
Size
1.2MB
-
MD5
263f0b35e5768e624a84ac122bbf6a8c
-
SHA1
53b6283cf3fe925f008ff5e75bb9f59ec115e0db
-
SHA256
37ba2407fcedfb820ba97763e2fb4799604a7085a60d48f69de9583fe87eb9f3
-
SHA512
3cc99c5e89bc9443fb78e7ffd09efd5bd846fde48cbbbaf2ef4ff41f39a393b3e5660f74117113f9dee9540a1c5f4ba07e54d17790eda1375c13af3ddcfe4fa1
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger Payload
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of SetThreadContext
-