Description
Keylogger and Infostealer first seen in November 2020.
Filename | a28c434e703d9d0961f526f87a61109c.exe |
Size | 662KB |
ID | 211125-vajh6sbbe8 |
MD5 | a28c434e703d9d0961f526f87a61109c |
SHA1 | c18ce22d993ee202d7c4e91aeda8f602a1ddb054 |
SHA256 | 1a58c708f0c8b203949c9f180813f7fd6665b2f7bbf6f474b39d94e3d6638a30 |
SHA512 | a380bd060f69d0813fa1c1141fc960225fbeb1a13195ed7349a2d0f7d3ad72e9b37df4f2f8afe45ac8b6bf4997fdc5bac69d9ec93123a1ef5e8f0871dc29e72d |
Family | snakekeylogger |
Credentials | Protocol: smtp Host: octfirr.shop Port: 587 Username: income@octfirr.shop Password: oPU]A^_2)Udl |
Tries to access configuration files associated with programs like FileZilla.
Email clients store some user data on disk, where infostealers often target it.
Infostealers often target stored browser data, which can include saved credentials.
Uses a legitimate IP lookup service to find the infected system's external IP.