General
-
Target
ede697a91e18c73baf01ca677aa33917.exe
-
Size
634KB
-
Sample
210727-vxpj9xfvnx
-
MD5
ede697a91e18c73baf01ca677aa33917
-
SHA1
699f96d0a34bfacd78a8530f507769d5d18dccc5
-
SHA256
1e2785c94e1501731c09b13b6f8156548704a36dd5b220efab73c06ed4fd6bfc
-
SHA512
7725d2f003a2aeecfe85dff03654b60ea80914ea39b369d6314443600750f4e13ab04a1c7a0925314e1013af034c0c4640dc3f98b9034851cff6b91c3c518bd9
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
bh-16.webhostbox.net - Port:
587 - Username:
whesilolog@miratechs.gq - Password:
7213575aceACE@#$
Targets
-
-
Target
ede697a91e18c73baf01ca677aa33917.exe
-
Size
634KB
-
MD5
ede697a91e18c73baf01ca677aa33917
-
SHA1
699f96d0a34bfacd78a8530f507769d5d18dccc5
-
SHA256
1e2785c94e1501731c09b13b6f8156548704a36dd5b220efab73c06ed4fd6bfc
-
SHA512
7725d2f003a2aeecfe85dff03654b60ea80914ea39b369d6314443600750f4e13ab04a1c7a0925314e1013af034c0c4640dc3f98b9034851cff6b91c3c518bd9
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-