General
-
Target
9214d5f9861947288ea8d40ef17eb8faa3f27d28.gz
-
Size
754KB
-
Sample
210624-kmp36t62me
-
MD5
a9c14b70fb09c596aa64ad3453dbc166
-
SHA1
9214d5f9861947288ea8d40ef17eb8faa3f27d28
-
SHA256
859ad7d8d99e264f31bba6f9c2556c130c89650e2ed4404f687c28aa7c14acc5
-
SHA512
8d7341c6d778b8ad48bf747d52a59fc7946609be6ededbc5b19326cffa033d17efed10a559080137c1113bce4676874c2d19fa0d75a02e7355b6274f9a701ae9
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
admin@richieslogs.com - Password:
Chukwudim28@
Targets
-
-
Target
PO013020 - Invoice.exe
-
Size
40.0MB
-
MD5
e5f280143eeebc62e88b54e6236de872
-
SHA1
413066c5f699731bb40c11014530a943f97b1283
-
SHA256
e96b73b97a189a5849718a1bf113b3fab68a09d77360c01d5d21741b3e15baf6
-
SHA512
e4187702117a73b8992aa505502b3968026d028b509ec12edb56bd8298fa7740dc05045b95b2591560e46393fa6810f4e6717fa21fa88e1a95db1e7df45f3b17
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-