General
-
Target
7.exe
-
Size
917KB
-
Sample
210722-7xvnhb53sx
-
MD5
3a5c4b65bb4f78ea617ea542d1d9d949
-
SHA1
9d561008de64c07630e543025b2923998c89dfef
-
SHA256
27dd279fa5720fd391fb0b32caad51f90244c7c16a11944c0e337a1ccb4badfd
-
SHA512
299047236954b528d6378a68580dfd03ac6399bd0d1b04a564e1b78e270dccc748901d8170888c2bc3e3656c3e79e016fccd156b31224adbfaeec69a127a2a61
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.mundi.hr - Port:
587 - Username:
report@mundi.hr - Password:
P@1625330275
Targets
-
-
Target
7.exe
-
Size
917KB
-
MD5
3a5c4b65bb4f78ea617ea542d1d9d949
-
SHA1
9d561008de64c07630e543025b2923998c89dfef
-
SHA256
27dd279fa5720fd391fb0b32caad51f90244c7c16a11944c0e337a1ccb4badfd
-
SHA512
299047236954b528d6378a68580dfd03ac6399bd0d1b04a564e1b78e270dccc748901d8170888c2bc3e3656c3e79e016fccd156b31224adbfaeec69a127a2a61
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-