General
-
Target
b851ffc3b37929c60b411f3374d25adc.exe
-
Size
127KB
-
Sample
220704-ja8mhshdf8
-
MD5
b851ffc3b37929c60b411f3374d25adc
-
SHA1
14f74e9ebe0e5ba22f2642f9c7f781399794b385
-
SHA256
9454840a8ae77a5b2de432b9ee2a3750f1800f22ba7e61f05df5a6f1a9418a90
-
SHA512
8ec9fc2a4c4efff23deb6e9b49246329221b91e0701240faaab338c4efd4490e7e042cb2c1e36f52c2f9ed9f57d970a1541368400df1b15b806f6a596baef880
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
shop8.frotalabs.com - Port:
587 - Username:
onye@omnitecnologia.com - Password:
NEWTON@23 - Email To:
onye@omnitecnologia.com
Extracted
Protocol: smtp- Host:
shop8.frotalabs.com - Port:
587 - Username:
onye@omnitecnologia.com - Password:
NEWTON@23
Targets
-
-
Target
b851ffc3b37929c60b411f3374d25adc.exe
-
Size
127KB
-
MD5
b851ffc3b37929c60b411f3374d25adc
-
SHA1
14f74e9ebe0e5ba22f2642f9c7f781399794b385
-
SHA256
9454840a8ae77a5b2de432b9ee2a3750f1800f22ba7e61f05df5a6f1a9418a90
-
SHA512
8ec9fc2a4c4efff23deb6e9b49246329221b91e0701240faaab338c4efd4490e7e042cb2c1e36f52c2f9ed9f57d970a1541368400df1b15b806f6a596baef880
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-