General
-
Target
m9RGZGWavSniRdK.exe
-
Size
788KB
-
Sample
220914-wfp4ksefgn
-
MD5
deeb0687eff91c877f15af6fe87b52f9
-
SHA1
6ba3166231d864a67ec024e2734658aa832bb6e9
-
SHA256
4fdbb565cacf8d38c63c42c2afeaaf59e6b5bf226709cde754219c96fee3aff9
-
SHA512
70ca715dc012412f95391e09316de4ea8c44bda3e566d14564437feafc6f4da04fbffe065efa96caa7428a81ee6ae172d6b734983eaaf2c28c56dcc2414c3327
-
SSDEEP
12288:NhlylSx18ydmmzV3MT6bL+EiNxsRSYHEQADqjJ5nyhZHlc/ZP26eixPPNaJVRbLi:78AmmSTIdiHsRTjryY
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.bestelectricpanels.com - Port:
25 - Username:
[email protected] - Password:
ahsan3863232 - Email To:
[email protected]
Targets
-
-
Target
m9RGZGWavSniRdK.exe
-
Size
788KB
-
MD5
deeb0687eff91c877f15af6fe87b52f9
-
SHA1
6ba3166231d864a67ec024e2734658aa832bb6e9
-
SHA256
4fdbb565cacf8d38c63c42c2afeaaf59e6b5bf226709cde754219c96fee3aff9
-
SHA512
70ca715dc012412f95391e09316de4ea8c44bda3e566d14564437feafc6f4da04fbffe065efa96caa7428a81ee6ae172d6b734983eaaf2c28c56dcc2414c3327
-
SSDEEP
12288:NhlylSx18ydmmzV3MT6bL+EiNxsRSYHEQADqjJ5nyhZHlc/ZP26eixPPNaJVRbLi:78AmmSTIdiHsRTjryY
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-