General
-
Target
Halbank Ekstre 2021101 073653 270424.exe
-
Size
389KB
-
Sample
211125-vejdzafhap
-
MD5
75769838f0ecb3baaf552175590bfb23
-
SHA1
377b4c6e4c527c791ddb2c595693119e0c07d66f
-
SHA256
41af3017eac823c7ab919b26e0fe19b74674491c79acf2303ea9546673e9125b
-
SHA512
ed20932be608e36baaab0f5e8b4b16a097158d8b9fc5e5319ea04fce0cecca1bdc0254cc4b9c7855319ee226882fee81588a41dc2456207ce82b4cff2a8a3670
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.palladiumss.com - Port:
587 - Username:
raman@palladiumss.com - Password:
raman@1210
Targets
-
-
Target
Halbank Ekstre 2021101 073653 270424.exe
-
Size
389KB
-
MD5
75769838f0ecb3baaf552175590bfb23
-
SHA1
377b4c6e4c527c791ddb2c595693119e0c07d66f
-
SHA256
41af3017eac823c7ab919b26e0fe19b74674491c79acf2303ea9546673e9125b
-
SHA512
ed20932be608e36baaab0f5e8b4b16a097158d8b9fc5e5319ea04fce0cecca1bdc0254cc4b9c7855319ee226882fee81588a41dc2456207ce82b4cff2a8a3670
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-