General
-
Target
6a9d3a6f928c5a2a9ab9abe269027f3b987045fbb30803dd431ae2f56d5f859c
-
Size
754KB
-
Sample
221129-wvhytaga4w
-
MD5
9aa82ff924fc3b345eba69d59327c235
-
SHA1
4a60c66a2d450b4ac234c0856e6898b043a12ba7
-
SHA256
6a9d3a6f928c5a2a9ab9abe269027f3b987045fbb30803dd431ae2f56d5f859c
-
SHA512
c85ec7653dc2239799c474575e9befd787b68de204d64214fac27c3303c8cfada06ae9cb5d57cfbe97d812d21974c71af35d65f5b820cc38f793c40317e9c37e
-
SSDEEP
12288:wOvT3qA420ld+PoGZS5mpw8AJF3KWtYMq/6H2SP4pyV9n:l3qA42YdehZSwpwBJF3fs6WSPd1
Malware Config
Targets
-
-
Target
6a9d3a6f928c5a2a9ab9abe269027f3b987045fbb30803dd431ae2f56d5f859c
-
Size
754KB
-
MD5
9aa82ff924fc3b345eba69d59327c235
-
SHA1
4a60c66a2d450b4ac234c0856e6898b043a12ba7
-
SHA256
6a9d3a6f928c5a2a9ab9abe269027f3b987045fbb30803dd431ae2f56d5f859c
-
SHA512
c85ec7653dc2239799c474575e9befd787b68de204d64214fac27c3303c8cfada06ae9cb5d57cfbe97d812d21974c71af35d65f5b820cc38f793c40317e9c37e
-
SSDEEP
12288:wOvT3qA420ld+PoGZS5mpw8AJF3KWtYMq/6H2SP4pyV9n:l3qA42YdehZSwpwBJF3fs6WSPd1
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-