General
-
Target
Invoice.exe
-
Size
1.2MB
-
Sample
210622-xnxzb7wy9x
-
MD5
1bcce4d52753f12d8f23e6637f094f1e
-
SHA1
a1a91a13707b4c25fd30ee5281cb9e4515903e01
-
SHA256
4eaefd6f0e650e017e1c63205fd41f9f557568b15bf75afe80cfdf923fe114e5
-
SHA512
9ba3ae65e4cc6ed3a9755a06671cb2e51ce0f2e078b4fcf7b87b7e13e4f44027199ca1a0512ed27ff20d3b75b4abe65f6fd8756bb68a38110baf3f0de35f68ad
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.iykmoreentrprise.org - Port:
587 - Username:
zalatexinteriors@iykmoreentrprise.org - Password:
Z&6s7s.YLZZi
Targets
-
-
Target
Invoice.exe
-
Size
1.2MB
-
MD5
1bcce4d52753f12d8f23e6637f094f1e
-
SHA1
a1a91a13707b4c25fd30ee5281cb9e4515903e01
-
SHA256
4eaefd6f0e650e017e1c63205fd41f9f557568b15bf75afe80cfdf923fe114e5
-
SHA512
9ba3ae65e4cc6ed3a9755a06671cb2e51ce0f2e078b4fcf7b87b7e13e4f44027199ca1a0512ed27ff20d3b75b4abe65f6fd8756bb68a38110baf3f0de35f68ad
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-