General
-
Target
file.exe
-
Size
867KB
-
Sample
230306-s3l4nada95
-
MD5
e95d885c6ece5419fd104c8226aa7244
-
SHA1
8346e1c7c845b1b67437b8cf9ec103acfa9b2047
-
SHA256
f7626ca5799f9bb0842eb33d0c870ab943abed8eb6882dd11b4e741fa6453f25
-
SHA512
6fe7e8414834723f99c76d3ccafc2460f8111e71e8409cd0ff685b0ccf446304867d0ef775670f42cff2ea0d9cba52589eee6e2007279ab24916b4fce65e7a90
-
SSDEEP
24576:n1Qwe3cOQ/lMZbrpX6Bngbrxx/iaIU8Ucn:nBFAbVmgbrih
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot5875198898:AAHb7cYwGrkdJdBq0_UiL6kYLg7WcXhadcM/sendMessage?chat_id=5279616630
Targets
-
-
Target
file.exe
-
Size
867KB
-
MD5
e95d885c6ece5419fd104c8226aa7244
-
SHA1
8346e1c7c845b1b67437b8cf9ec103acfa9b2047
-
SHA256
f7626ca5799f9bb0842eb33d0c870ab943abed8eb6882dd11b4e741fa6453f25
-
SHA512
6fe7e8414834723f99c76d3ccafc2460f8111e71e8409cd0ff685b0ccf446304867d0ef775670f42cff2ea0d9cba52589eee6e2007279ab24916b4fce65e7a90
-
SSDEEP
24576:n1Qwe3cOQ/lMZbrpX6Bngbrxx/iaIU8Ucn:nBFAbVmgbrih
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-