General
-
Target
Ödeme 31722.exe
-
Size
1.1MB
-
Sample
221003-kd5wgafbc4
-
MD5
9c28b35f5d7b025e1f4a49e52f51470d
-
SHA1
36fd42e0272bcd1d05fb62f052fa01d1b9422821
-
SHA256
22805984d67d2c9a896aca6d757a00e3adde2b538efd3b8a196fea685e9f9981
-
SHA512
b042c5b28529c3272630d3642f0ed3250fb139177f141277d4e97860bb8683d5868744fa03c7090155506a32f13fc3871535e2e9bba9db3f3edfe66d638848f5
-
SSDEEP
12288:1zdO0ydYLN2yxEU1nrA2SsggtWvXvmdPXOgVTJA5wWK4HTN:1hODd21FKfmPegcm
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot5587666659:AAG8NrrXJQs__dhk8nLJBFOspz2my8OVpX0/sendMessage?chat_id=5569775004
Targets
-
-
Target
Ödeme 31722.exe
-
Size
1.1MB
-
MD5
9c28b35f5d7b025e1f4a49e52f51470d
-
SHA1
36fd42e0272bcd1d05fb62f052fa01d1b9422821
-
SHA256
22805984d67d2c9a896aca6d757a00e3adde2b538efd3b8a196fea685e9f9981
-
SHA512
b042c5b28529c3272630d3642f0ed3250fb139177f141277d4e97860bb8683d5868744fa03c7090155506a32f13fc3871535e2e9bba9db3f3edfe66d638848f5
-
SSDEEP
12288:1zdO0ydYLN2yxEU1nrA2SsggtWvXvmdPXOgVTJA5wWK4HTN:1hODd21FKfmPegcm
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-