General
-
Target
PO 53286.exe
-
Size
486KB
-
Sample
211203-hxm4nafcgk
-
MD5
4a84e7c717ba75bda2f0756f7a36bbaa
-
SHA1
75d245e47c83994a0451ff1a250a54428d9e326a
-
SHA256
305bba7f9a53743b76c46eca1da9f39646f72bb63a052a6bf993651e4fca07ef
-
SHA512
140d4f193dc55804cbc9a61d2136de9d30026c6fdd467d3a92fd136adfb155a4c04a69a35f3faf82c26ac239a3a4491429bfaa65b34215a881ac264e9c7907bf
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.privateemail.com - Port:
587 - Username:
admin@siemens-energy.cam - Password:
antivenom
Targets
-
-
Target
PO 53286.exe
-
Size
486KB
-
MD5
4a84e7c717ba75bda2f0756f7a36bbaa
-
SHA1
75d245e47c83994a0451ff1a250a54428d9e326a
-
SHA256
305bba7f9a53743b76c46eca1da9f39646f72bb63a052a6bf993651e4fca07ef
-
SHA512
140d4f193dc55804cbc9a61d2136de9d30026c6fdd467d3a92fd136adfb155a4c04a69a35f3faf82c26ac239a3a4491429bfaa65b34215a881ac264e9c7907bf
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-