General
-
Target
Consignment Details.bin.zip
-
Size
20KB
-
Sample
210421-6etfrttlw6
-
MD5
5e7860ba8371881f47e461b7c7ecf1b5
-
SHA1
bb5473b0480c43587d29b5b948ad370e0a72a21d
-
SHA256
6f74882c4cf0275ea7f708ad3b821ac588eed9cdd965daeea6987630081c1109
-
SHA512
b093469758162e95682c63feb2b24cd3e2ab21771c38b6e9977e3163548ba3ac18d276b785901388b1ed97f7de0e486012a7cab77fb43b29346f9125623486d2
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
gmicaprelam.in - Port:
587 - Username:
shege@gmicaprelam.in - Password:
shege2424@
Targets
-
-
Target
Consignment Details.bin
-
Size
235KB
-
MD5
b380133b30eb9bcfbbd628fd95b7b47b
-
SHA1
61cd51cdad34e4a2063e14b41436cd271802169c
-
SHA256
ed2daeb7be57c4a046af63e7ebd3d6044fd4e4aa8ac9c483ca8dcf679b694d7f
-
SHA512
dd62b9502a21c04dbea577cfc5c40315d86a1e552ef44aac5593cac71339efd172cc9e823511953d33fec3a1ee37628148b964062a66c7c64a26792385ba03e8
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger Payload
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-