General
-
Target
45d744023ae84d40f08009a8f3d71636.exe
-
Size
595KB
-
Sample
221219-lar1waef84
-
MD5
45d744023ae84d40f08009a8f3d71636
-
SHA1
53cc2a4b1ae6a28cb9a64f887c6af1a12cf5a282
-
SHA256
33dd3092ba0e081814596cd014ff5c6c992fa90a7a7c481fee025cdbcf0fb3d0
-
SHA512
71d7795c5a68109c157aed9d210ddd0b4b0b47bdabbd8da94d3fc36c0472e2c050e55488e8952caaa234d5bba43e77493368a82ef9501d42994402b73e7e0035
-
SSDEEP
12288:c6wONMn2xtAqQX0a8S83SAb+LNw2Bype/ixqnX9tQ27aFX:pU2nAq2LTX7LypSwY3aR
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
cp5ua.hyperhost.ua - Port:
587 - Username:
[email protected] - Password:
7213575aceACE@#$ - Email To:
[email protected]
Targets
-
-
Target
45d744023ae84d40f08009a8f3d71636.exe
-
Size
595KB
-
MD5
45d744023ae84d40f08009a8f3d71636
-
SHA1
53cc2a4b1ae6a28cb9a64f887c6af1a12cf5a282
-
SHA256
33dd3092ba0e081814596cd014ff5c6c992fa90a7a7c481fee025cdbcf0fb3d0
-
SHA512
71d7795c5a68109c157aed9d210ddd0b4b0b47bdabbd8da94d3fc36c0472e2c050e55488e8952caaa234d5bba43e77493368a82ef9501d42994402b73e7e0035
-
SSDEEP
12288:c6wONMn2xtAqQX0a8S83SAb+LNw2Bype/ixqnX9tQ27aFX:pU2nAq2LTX7LypSwY3aR
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-