General
-
Target
Minutes of Meeting.exe
-
Size
1.0MB
-
Sample
210623-5rn3lffwh6
-
MD5
eac5c6f21e77b72411042ffa77a1e518
-
SHA1
2ceb0743bb87dcf356594dce6d80729b9f813f9f
-
SHA256
9cb54681b585020ef5deef74c4fc2772529d1d0a908e5da4afa751368779aba1
-
SHA512
008221a65530a1155adf9241fc509cbc0016606aead245ebb10cd4cc7edb13c1518020f9dc6f08547dc19ed317b585430bf92bc081668f3a4af8a9c9122d0a74
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.iykmoreentrprise.org - Port:
587 - Username:
zalatexinteriors@iykmoreentrprise.org - Password:
Z&6s7s.YLZZi
Targets
-
-
Target
Minutes of Meeting.exe
-
Size
1.0MB
-
MD5
eac5c6f21e77b72411042ffa77a1e518
-
SHA1
2ceb0743bb87dcf356594dce6d80729b9f813f9f
-
SHA256
9cb54681b585020ef5deef74c4fc2772529d1d0a908e5da4afa751368779aba1
-
SHA512
008221a65530a1155adf9241fc509cbc0016606aead245ebb10cd4cc7edb13c1518020f9dc6f08547dc19ed317b585430bf92bc081668f3a4af8a9c9122d0a74
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-