General
-
Target
2345678098765T4323456789.exe
-
Size
793KB
-
Sample
211203-lr7snabac6
-
MD5
586d514ada28e25a81dd21501de799d1
-
SHA1
3607a32f3d47cbde3587aeaa3132c350a1ef4afd
-
SHA256
83a5ba65b562afb66309deae1567c919f0e08de04e2c00bb85c55102fe023b0b
-
SHA512
9169d7de350007efe423d31200ccb9505b598855af2fbfdf51dbffede53f1301e5cb93ceef4ca4901c8d65fcf42a04851c9c648a0454a5c7860a6e6f83f4a1b7
Malware Config
Targets
-
-
Target
2345678098765T4323456789.exe
-
Size
793KB
-
MD5
586d514ada28e25a81dd21501de799d1
-
SHA1
3607a32f3d47cbde3587aeaa3132c350a1ef4afd
-
SHA256
83a5ba65b562afb66309deae1567c919f0e08de04e2c00bb85c55102fe023b0b
-
SHA512
9169d7de350007efe423d31200ccb9505b598855af2fbfdf51dbffede53f1301e5cb93ceef4ca4901c8d65fcf42a04851c9c648a0454a5c7860a6e6f83f4a1b7
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger Payload
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Drops desktop.ini file(s)
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-