General
-
Target
PO031656.exe
-
Size
893KB
-
Sample
210622-a4r9gznj52
-
MD5
49107ecd2118e55b971088b19d1f05b2
-
SHA1
7978c25b86b47dba57daefe69f897338ed0d3694
-
SHA256
e89683ea60a246d6fc1744cafaacc17872fe348a3d655793d6513a1271151e60
-
SHA512
557aa31b3a37455005ade68b9cb000e3fcb75cbc369025be12475a40b4b7161e203ab21dcea3f9955ae3efae56d13f4caace24eaf4946dbc0ffec3c00975a85c
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.privateemail.com - Port:
587 - Username:
nicolas.sautter@chsauter-bc.com - Password:
111aaa
Targets
-
-
Target
PO031656.exe
-
Size
893KB
-
MD5
49107ecd2118e55b971088b19d1f05b2
-
SHA1
7978c25b86b47dba57daefe69f897338ed0d3694
-
SHA256
e89683ea60a246d6fc1744cafaacc17872fe348a3d655793d6513a1271151e60
-
SHA512
557aa31b3a37455005ade68b9cb000e3fcb75cbc369025be12475a40b4b7161e203ab21dcea3f9955ae3efae56d13f4caace24eaf4946dbc0ffec3c00975a85c
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-