General
-
Target
7b510a26d387227f8558a7b05bdb4795.bin
-
Size
1.5MB
-
Sample
230328-b7fn1aab9v
-
MD5
5d7f063ae5ca4e1b6a39fe67f2185f97
-
SHA1
0cbe9a07336ae4d163b7cd44d542758e16e730c9
-
SHA256
d4832119d2d2df3724eec0f63896a2cfdd60e2dfbe290cc162edcdf18a83ce18
-
SHA512
fdd39846061d2ade00527feba547bb9e3a204f361ba9a03590c9f65ef1b6532a735226f3e6e0fa8be243c4594bacf9551ea1cb679df2ddb3d3ee5442c27d3448
-
SSDEEP
24576:YeMicYmbVKR/h3NFMS7rzWZSx7nnuC3nk+mwhxtUDK8YWqvMdp42cdDgX18YwAH:FmbVO/hH37rzCm7nt3k+Lhxt2KPWJHrd
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.sienkakupeste.com - Port:
587 - Username:
info@sienkakupeste.com - Password:
010203sienka++ - Email To:
saleseuropower2@yandex.com
Targets
-
-
Target
e99086181ac130803fd5f3443f5485ecb3de67acd2f129f888e6ce1b8a2da20a.exe
-
Size
2.3MB
-
MD5
7b510a26d387227f8558a7b05bdb4795
-
SHA1
a5604cd78ad136b78d9393a551da861f5f77cd9b
-
SHA256
e99086181ac130803fd5f3443f5485ecb3de67acd2f129f888e6ce1b8a2da20a
-
SHA512
b2acd9553582df81b27f8fc82091111d3c5108aafc39e433c1bbe2d383beed1a992d59e1c3437affdc14ca28fceed6d829fa781e584baa1598e4abfb49c62079
-
SSDEEP
49152:Q59zMNe/Okm8bI3wLYz1tZD1V5NQSrBnbx:+zyaOIbfiZD1V5Nftbx
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-