General
-
Target
ed6ea47a25a730ee36acebfaf7468e59.exe
-
Size
806KB
-
Sample
221216-jw5gzshb6y
-
MD5
ed6ea47a25a730ee36acebfaf7468e59
-
SHA1
bd657158a60dde135b2bb6f49f47232eec820214
-
SHA256
4c355f38322d2cf4c55c34d6d938a91a71bf90d3263d50548fc51f315cb279a4
-
SHA512
66de8f086ea285e2f1e8664c421f188d907615a98d6185c43231b779fe17c2b07dd9ec3415c2402e03535201ed74965002cb38cd9ec7c9ede21f9efb05faa1a6
-
SSDEEP
12288:9/dk3Hhd45vxLGW2CRtKPeA9u7+UxgNFRtOGUC9juBUoZ+I:URdzWJRtxA0+UWNF3EF
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
cp5ua.hyperhost.ua - Port:
587 - Username:
[email protected] - Password:
7213575aceACE@#$ - Email To:
[email protected]
Targets
-
-
Target
ed6ea47a25a730ee36acebfaf7468e59.exe
-
Size
806KB
-
MD5
ed6ea47a25a730ee36acebfaf7468e59
-
SHA1
bd657158a60dde135b2bb6f49f47232eec820214
-
SHA256
4c355f38322d2cf4c55c34d6d938a91a71bf90d3263d50548fc51f315cb279a4
-
SHA512
66de8f086ea285e2f1e8664c421f188d907615a98d6185c43231b779fe17c2b07dd9ec3415c2402e03535201ed74965002cb38cd9ec7c9ede21f9efb05faa1a6
-
SSDEEP
12288:9/dk3Hhd45vxLGW2CRtKPeA9u7+UxgNFRtOGUC9juBUoZ+I:URdzWJRtxA0+UWNF3EF
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-