General
-
Target
Bank Details.rar
-
Size
456KB
-
Sample
210421-yavk7f5exn
-
MD5
7a8c59a4794d9ec5a8b0256f5e339bd5
-
SHA1
acb3dd72143c7d9d404b689150bdbe6843c712b3
-
SHA256
3e4dfe7c5416c432107685e308c803d888df1f5d78949a11c535ee926216c635
-
SHA512
b7cfd5ea643fb95fc144d1b85a6c3403e7500fc3122df5d82cd761803bc045cf98af0d6c583fa5335ae9d2e3b95c38e3c704f96d71e7359d8b1dcf870aaf2921
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
smtp.vivaldi.net - Port:
587 - Username:
snakelogs@vivaldi.net - Password:
chuksypayment1759
Targets
-
-
Target
Bank Details.exe
-
Size
561KB
-
MD5
1fa594a225db6660840cb2ab2f545e7c
-
SHA1
38afb75a218166db0cf13c49ea7cc48cdcecea81
-
SHA256
42369fde3cdabda5b102802a1071f0a46bb44ec3130a7a7012be3fcdea82c519
-
SHA512
ccdbd31e6afd9620c3b296cb65ae181dcf7d40126f037106b342e3246debde9907107c2afe9656f79eaba901dd0091efb7d216c0069e3fbe9ff2f5eed85eaf8c
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-