General
-
Target
_ACH Payment Initiated & Received___pdf_____.gz
-
Size
458KB
-
Sample
210423-csesh8qa9x
-
MD5
c970749e63ed83838c488f5a4ec219a0
-
SHA1
660af21a0614202ce966e2ae9ea5795cbc430e82
-
SHA256
1643114e9ad4ea69831dc8f052dbbb30fee25835742eb0dab1002db35d30203e
-
SHA512
f5df7b067ad5dbf65d346a710dd4975138f2188773ebfd72bddc1eab2e1d144814f128ed9adf156367e90b9bc98b05448ee4b0a6eb692bf5d2a544b0da520720
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
smtp.lokalboyz.com - Port:
587 - Username:
oc2021@lokalboyz.com - Password:
lkEb6ovn
Targets
-
-
Target
ACH Payment Initiated & Received.exe
-
Size
536KB
-
MD5
16db1dad94d7c7bff556c87395af1a94
-
SHA1
077d1ab9d2870562be9dfa431ce6651aa6179207
-
SHA256
2346a1bdc66b319e0cb751f7c8aea0c5164917d30a349b2a1a8d0566fbd60671
-
SHA512
2f24816b4c25281deda76b070dbe9d705e9aaa6518983f5f944ae698c222f0c9f9d3981ac3a70859d4333e54aae28afc219b3c5b9354cc50f42d145bc9faa5d7
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger Payload
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-