General
-
Target
tmp
-
Size
433KB
-
Sample
220702-qekvkshbh2
-
MD5
a359ed6ff4218c76aedfbc4e7bf21f8e
-
SHA1
348741f5e4239294319343588bb782f253ab654d
-
SHA256
a5f3c49331caf70461e36db7db7dc0d6ebeb8dcfc06a5d5a747681fb75ae9a50
-
SHA512
4fbc20666bd5202a50ee04efed6afaddfb5c93d39d65b26d51987fd84b745102718f674252e7477301d637db2ffaefcfc920b0420cad9aaebb3ce080247f4730
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
cp5ua.hyperhost.ua - Port:
587 - Username:
wealthlog@saonline.xyz - Password:
7213575aceACE@#$ - Email To:
wealth@saonline.xyz
https://api.telegram.org/bot5321688653:AAEI2yqGrOA_-sRZ3xaqutrexraSgFa0AnA/sendMessage?chat_id=5048077662
Targets
-
-
Target
tmp
-
Size
433KB
-
MD5
a359ed6ff4218c76aedfbc4e7bf21f8e
-
SHA1
348741f5e4239294319343588bb782f253ab654d
-
SHA256
a5f3c49331caf70461e36db7db7dc0d6ebeb8dcfc06a5d5a747681fb75ae9a50
-
SHA512
4fbc20666bd5202a50ee04efed6afaddfb5c93d39d65b26d51987fd84b745102718f674252e7477301d637db2ffaefcfc920b0420cad9aaebb3ce080247f4730
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-