General
-
Target
Fatura_SUN2023000003827.exe
-
Size
448KB
-
Sample
230216-h9ja8sgd86
-
MD5
04cc0750fc2e0ff6e81b4530e940f512
-
SHA1
82127102bb8725405d9416293fb2496c7c9d8b3e
-
SHA256
554fcafce29b66cc2dd33cff1e49f7d2c45f4e154c1f08bcb15d5aae3ad4ec1c
-
SHA512
b14cc7f0dbbc91ca295d80b471ea438854394189bafae9e4a8356674b0fa7cfe0254c0db7dd3181b95227b75d0be1cd63e54c8e4169d13b63379165622a7e07b
-
SSDEEP
6144:SYa6H/tW0PDPehrAG+7OELO94O7CQDmwv8bi/:SYd/ttLP0ri7OwO9zC4tUa
Malware Config
Targets
-
-
Target
Fatura_SUN2023000003827.exe
-
Size
448KB
-
MD5
04cc0750fc2e0ff6e81b4530e940f512
-
SHA1
82127102bb8725405d9416293fb2496c7c9d8b3e
-
SHA256
554fcafce29b66cc2dd33cff1e49f7d2c45f4e154c1f08bcb15d5aae3ad4ec1c
-
SHA512
b14cc7f0dbbc91ca295d80b471ea438854394189bafae9e4a8356674b0fa7cfe0254c0db7dd3181b95227b75d0be1cd63e54c8e4169d13b63379165622a7e07b
-
SSDEEP
6144:SYa6H/tW0PDPehrAG+7OELO94O7CQDmwv8bi/:SYd/ttLP0ri7OwO9zC4tUa
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-