General
-
Target
cc85ca802857b7b8c8d387e0c955ae78.exe
-
Size
782KB
-
Sample
230202-x9hr2aaa8y
-
MD5
cc85ca802857b7b8c8d387e0c955ae78
-
SHA1
619a03b2629f2d19aa00807ce2ba9ae20dbb4c69
-
SHA256
9cdb2d1ee24e1074a50d1d75ab57418d72d19b7e3fc8c33385e7329e81c24951
-
SHA512
16621943d4803ce5b813f4e0d2caeb033ab56bc43e46e7bc3c06cd918fb6d695b8cac134e16913d882a30eff6ebba32291f745d8fbf6adc70bd659a075769b73
-
SSDEEP
24576:71dH+AX6F0xW9u2LbMCCUapMl7xpqG4yPa:7PHrKWoPTCUapMPq
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
cp5ua.hyperhost.ua - Port:
587 - Username:
[email protected] - Password:
7213575aceACE@#$ - Email To:
[email protected]
Targets
-
-
Target
cc85ca802857b7b8c8d387e0c955ae78.exe
-
Size
782KB
-
MD5
cc85ca802857b7b8c8d387e0c955ae78
-
SHA1
619a03b2629f2d19aa00807ce2ba9ae20dbb4c69
-
SHA256
9cdb2d1ee24e1074a50d1d75ab57418d72d19b7e3fc8c33385e7329e81c24951
-
SHA512
16621943d4803ce5b813f4e0d2caeb033ab56bc43e46e7bc3c06cd918fb6d695b8cac134e16913d882a30eff6ebba32291f745d8fbf6adc70bd659a075769b73
-
SSDEEP
24576:71dH+AX6F0xW9u2LbMCCUapMl7xpqG4yPa:7PHrKWoPTCUapMPq
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-