General
-
Target
0bd22870bdf2e5825487725b27199d10dbd400bd52893a86163d8f0e08454060
-
Size
127KB
-
Sample
230103-vswlfscb47
-
MD5
dac6616ebca826d540db6047d81b2432
-
SHA1
e4bf6d0c976099177bf789ed2a04d2a7c542354d
-
SHA256
0bd22870bdf2e5825487725b27199d10dbd400bd52893a86163d8f0e08454060
-
SHA512
63018c4a7edcf4854e96abe917d5de6e7ee51e31db200b39f3458bfc2f5a848f68ae4dcb30a88e36a939b56851c3cd7677c11c9b3770bf5d9d649561489c81a0
-
SSDEEP
3072:6AgAEkoHj/LDdnr55tVb81A2CXwBj2KFbY:HxW1be72+b
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot5890520400:AAHJ6-wblqa9UgNrQiU_F3OpLLrdIMrvJhc/sendMessage?chat_id=5918968990
Targets
-
-
Target
0bd22870bdf2e5825487725b27199d10dbd400bd52893a86163d8f0e08454060
-
Size
127KB
-
MD5
dac6616ebca826d540db6047d81b2432
-
SHA1
e4bf6d0c976099177bf789ed2a04d2a7c542354d
-
SHA256
0bd22870bdf2e5825487725b27199d10dbd400bd52893a86163d8f0e08454060
-
SHA512
63018c4a7edcf4854e96abe917d5de6e7ee51e31db200b39f3458bfc2f5a848f68ae4dcb30a88e36a939b56851c3cd7677c11c9b3770bf5d9d649561489c81a0
-
SSDEEP
3072:6AgAEkoHj/LDdnr55tVb81A2CXwBj2KFbY:HxW1be72+b
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-