General
-
Target
b2ff5314573e49dab41de81d94fe2d12.exe
-
Size
781KB
-
Sample
220921-hpsdeaffd3
-
MD5
b2ff5314573e49dab41de81d94fe2d12
-
SHA1
1a3be2dc343287d4a30ab987183cbd1b5c337ca2
-
SHA256
3d3d04e0b7d813c8a0a409488de8719baead684b8933341c5ae11665430c5536
-
SHA512
5f61a754670e62e571e248867f63e45b26d15a7729ac26bf349e215a4d15538d1aec00bae72c56d272464bdfe7950340b942e27ea6ba6ea1165a169c79f950e8
-
SSDEEP
12288:HP/zTieBW/BBxIexqvAMSJMfm9fdz5G1vS3N42:HHzGeBW/BnzqvA/Mfm9fdz5GJ+N4
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
*UC*BWj8OQWn3@@@21 - Email To:
[email protected]
Targets
-
-
Target
b2ff5314573e49dab41de81d94fe2d12.exe
-
Size
781KB
-
MD5
b2ff5314573e49dab41de81d94fe2d12
-
SHA1
1a3be2dc343287d4a30ab987183cbd1b5c337ca2
-
SHA256
3d3d04e0b7d813c8a0a409488de8719baead684b8933341c5ae11665430c5536
-
SHA512
5f61a754670e62e571e248867f63e45b26d15a7729ac26bf349e215a4d15538d1aec00bae72c56d272464bdfe7950340b942e27ea6ba6ea1165a169c79f950e8
-
SSDEEP
12288:HP/zTieBW/BBxIexqvAMSJMfm9fdz5G1vS3N42:HHzGeBW/BnzqvA/Mfm9fdz5GJ+N4
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-