General
-
Target
e2113d1238c6af86ae328bd4292d9fe031ae1a4b142686e392434160619da4fe
-
Size
709KB
-
Sample
220521-sebb9ahgf3
-
MD5
19224b2118f1930a9d5968ff3801ccce
-
SHA1
760f59844a791e9c17a558e172425ed64ea5d9b2
-
SHA256
e2113d1238c6af86ae328bd4292d9fe031ae1a4b142686e392434160619da4fe
-
SHA512
eba8a8d28e5c6bbbb851e4120d013227c413680923e1d33efe435701c6ac1133ba65a1d4785f8d470fbf498df5b2a1002508f71e37cedd5ae965806cc95b3fd5
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
samsung-tv.buzz - Port:
587 - Username:
greglog@samsung-tv.buzz - Password:
7213575aceACE@#$ - Email To:
greg@samsung-tv.buzz
Targets
-
-
Target
e2113d1238c6af86ae328bd4292d9fe031ae1a4b142686e392434160619da4fe
-
Size
709KB
-
MD5
19224b2118f1930a9d5968ff3801ccce
-
SHA1
760f59844a791e9c17a558e172425ed64ea5d9b2
-
SHA256
e2113d1238c6af86ae328bd4292d9fe031ae1a4b142686e392434160619da4fe
-
SHA512
eba8a8d28e5c6bbbb851e4120d013227c413680923e1d33efe435701c6ac1133ba65a1d4785f8d470fbf498df5b2a1002508f71e37cedd5ae965806cc95b3fd5
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-