General
-
Target
Hydro-463459.exe
-
Size
799KB
-
Sample
210201-cpz7qs3pga
-
MD5
cbcb8af4668e72b3cfb6f886433d0b0d
-
SHA1
6b374d60aac0d72a2f38914ca9551e456547b4c2
-
SHA256
af4f099faaef30f6ff63a70490cd42c15323895f2dae9153f5fcd996d690e57f
-
SHA512
3d9b14aa05fff0d59df0548735473ea1944fc6f501b68993dee725c0f76366ce91dc05d23382c5cdc96791e9e473ea8e10e20607e4b0d1e5538e9f2de7a3b108
Malware Config
Targets
-
-
Target
Hydro-463459.exe
-
Size
799KB
-
MD5
cbcb8af4668e72b3cfb6f886433d0b0d
-
SHA1
6b374d60aac0d72a2f38914ca9551e456547b4c2
-
SHA256
af4f099faaef30f6ff63a70490cd42c15323895f2dae9153f5fcd996d690e57f
-
SHA512
3d9b14aa05fff0d59df0548735473ea1944fc6f501b68993dee725c0f76366ce91dc05d23382c5cdc96791e9e473ea8e10e20607e4b0d1e5538e9f2de7a3b108
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger Payload
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of SetThreadContext
-