General
-
Target
my new file ify (1).exe
-
Size
2.7MB
-
Sample
210131-lpxhrx2bwe
-
MD5
e67ac6aaee51c36fd8b66b4fda8e86e0
-
SHA1
8848d903ecacf5614fdfcde030011c1d1f8ff91e
-
SHA256
3ff622e45db0ffbc2ebcc3042cb518a827c9954a6c6c05a936957252104fd2de
-
SHA512
c8ce9379288be20340a48549f78b933b819085e9b8d71630c3f1d60e7e8a9555d7f737974bfe7bd5869f7788b4e256326f8b934c57aebf61bac368aa1e63f542
Malware Config
Targets
-
-
Target
my new file ify (1).exe
-
Size
2.7MB
-
MD5
e67ac6aaee51c36fd8b66b4fda8e86e0
-
SHA1
8848d903ecacf5614fdfcde030011c1d1f8ff91e
-
SHA256
3ff622e45db0ffbc2ebcc3042cb518a827c9954a6c6c05a936957252104fd2de
-
SHA512
c8ce9379288be20340a48549f78b933b819085e9b8d71630c3f1d60e7e8a9555d7f737974bfe7bd5869f7788b4e256326f8b934c57aebf61bac368aa1e63f542
Score10/10-
Modifies WinLogon for persistence
-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger Payload
-
Drops startup file
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-