General
-
Target
USpPWZaRkFLuDM6.exe
-
Size
493KB
-
Sample
211201-qk5ryafdf4
-
MD5
e6b1adea3e2f52660db88c0bf8cd7549
-
SHA1
b8697dd1d2ac11f5639bfe9cad858a56704e3451
-
SHA256
b6e733ab666b1da84873a1d50a0b82a81c813675139dfd861c2f17ac2821c8f2
-
SHA512
2baee2e15a1f21861116a901054a89b6f772d1b2d3e2bc0329ebb39479847d01688db63ac0892aecfec2a3794f929a0e5a2f6dada1933915ea974df0066bfc97
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.turkal.com - Port:
587 - Username:
info@turkal.com - Password:
Turkal2020!
Targets
-
-
Target
USpPWZaRkFLuDM6.exe
-
Size
493KB
-
MD5
e6b1adea3e2f52660db88c0bf8cd7549
-
SHA1
b8697dd1d2ac11f5639bfe9cad858a56704e3451
-
SHA256
b6e733ab666b1da84873a1d50a0b82a81c813675139dfd861c2f17ac2821c8f2
-
SHA512
2baee2e15a1f21861116a901054a89b6f772d1b2d3e2bc0329ebb39479847d01688db63ac0892aecfec2a3794f929a0e5a2f6dada1933915ea974df0066bfc97
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-