General
-
Target
vbc.exe
-
Size
732KB
-
Sample
210504-5asqnvzcwe
-
MD5
dc6c597848870c7c68143495ba2a1ec0
-
SHA1
1f1950e2728ff9ce2767ddefcf97929dbb9454f7
-
SHA256
089d065fe8e39f8b19a726cb15ac216e352a5576f446c5fc38486f1fbb7a1d9c
-
SHA512
cfddb959541c2f0cd9fd8fc82f8cfc2c55bb5439bd70f423e213228d4e332de0ee9a879dc03d5cd9c7f003d676dee3f49a4465d803802bb2e6c474ea4f1d6962
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.almatls.com - Port:
587 - Username:
ewalogs@almatls.com - Password:
0c0qf7xTL1
Targets
-
-
Target
vbc.exe
-
Size
732KB
-
MD5
dc6c597848870c7c68143495ba2a1ec0
-
SHA1
1f1950e2728ff9ce2767ddefcf97929dbb9454f7
-
SHA256
089d065fe8e39f8b19a726cb15ac216e352a5576f446c5fc38486f1fbb7a1d9c
-
SHA512
cfddb959541c2f0cd9fd8fc82f8cfc2c55bb5439bd70f423e213228d4e332de0ee9a879dc03d5cd9c7f003d676dee3f49a4465d803802bb2e6c474ea4f1d6962
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Uses the VBS compiler for execution
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-