General
-
Target
64ef899448c228e4d02af5b452876418353d1633f55eb7776cd398ea86e8b2eb
-
Size
743KB
-
Sample
221121-q37n9afg4y
-
MD5
0a60c8ce39b7fd34a7dc692587d32bb0
-
SHA1
dc487094a38f88817ebf10273edaaa44bae1f0e1
-
SHA256
64ef899448c228e4d02af5b452876418353d1633f55eb7776cd398ea86e8b2eb
-
SHA512
e429520919f8e82199f4dac739db6db0df5784cae9ca7df47177b4dae3f5acd1656d8bd2019e0175c7ae9a0b3a807cb68ed93132597c39661449504488974232
-
SSDEEP
12288:jcr2iNvsOL/GXh8L74mBfNUstzoUy3rUNVJNTUgXdkGy8tgV8KFFsdyp7CgMeU:wr18+L74mBfNUstzoB3r8JNL1iV8KEMk
Malware Config
Targets
-
-
Target
64ef899448c228e4d02af5b452876418353d1633f55eb7776cd398ea86e8b2eb
-
Size
743KB
-
MD5
0a60c8ce39b7fd34a7dc692587d32bb0
-
SHA1
dc487094a38f88817ebf10273edaaa44bae1f0e1
-
SHA256
64ef899448c228e4d02af5b452876418353d1633f55eb7776cd398ea86e8b2eb
-
SHA512
e429520919f8e82199f4dac739db6db0df5784cae9ca7df47177b4dae3f5acd1656d8bd2019e0175c7ae9a0b3a807cb68ed93132597c39661449504488974232
-
SSDEEP
12288:jcr2iNvsOL/GXh8L74mBfNUstzoUy3rUNVJNTUgXdkGy8tgV8KFFsdyp7CgMeU:wr18+L74mBfNUstzoB3r8JNL1iV8KEMk
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-