General
-
Target
6fda181a2675c3faf76877eb5baa9057.exe
-
Size
667KB
-
Sample
221123-qsyzcshg6x
-
MD5
6fda181a2675c3faf76877eb5baa9057
-
SHA1
c495f44b7a1354abecb1f211ccb2c26faa7b2999
-
SHA256
42d11fcf344c2f8cb8fd63240daa70cf0f554a07ead3623b9f0a2c643b56d41a
-
SHA512
b96ed9851d1a045e45c69c37331d71834cd64347e61b9111c803202c39d02cde4288bef2b96bbfac8dfe927797bccc87a3b7ca9f39f89a4594dab7f8bfa8da41
-
SSDEEP
12288:IaElB589TN+cOTpAj48Re5yMutyyqaEJ1VR6ePxM/vDH1Qxer:a7589TMbpAEP5yM6NEJ1zPkvD
Malware Config
Targets
-
-
Target
6fda181a2675c3faf76877eb5baa9057.exe
-
Size
667KB
-
MD5
6fda181a2675c3faf76877eb5baa9057
-
SHA1
c495f44b7a1354abecb1f211ccb2c26faa7b2999
-
SHA256
42d11fcf344c2f8cb8fd63240daa70cf0f554a07ead3623b9f0a2c643b56d41a
-
SHA512
b96ed9851d1a045e45c69c37331d71834cd64347e61b9111c803202c39d02cde4288bef2b96bbfac8dfe927797bccc87a3b7ca9f39f89a4594dab7f8bfa8da41
-
SSDEEP
12288:IaElB589TN+cOTpAj48Re5yMutyyqaEJ1VR6ePxM/vDH1Qxer:a7589TMbpAEP5yM6NEJ1zPkvD
Score10/10-
Modifies WinLogon for persistence
-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-