General

  • Target: wealthzx.exe
  • Size: 617KB
  • Sample: 230403-thwb9she2w
  • MD5: f19c34054199717dac72c386ddddd0a0
  • SHA1: f198077ba4ee5c000bfdb43b340b0910001d8939
  • SHA256: 351c8d8b35c127e116e63eae43fb4aa24ceec9d4ca93f67e1b94dc7d271f205a
  • SHA512: 66b3ff900c9e10b01aae999cf14d37849c8611b9f82b1481cc75393e3eec21bed1d769a7f97d1f7a212547456db74313d29dbfa959203e05cb510e2e5aceac51
  • SSDEEP: 12288:2dMQ0TbAYnB3J7cHgE1UUrMYPW/Cve/FucofQUimOMt+:27IbAYnBpcHd1Um1PXmtu75imX

Malware Config

Extracted

Family: snakekeylogger

Credentials

Targets

    • Snake Keylogger: Keylogger and Infostealer first seen in November 2020.
    • Snake Keylogger payload
    • Reads data files stored by FTP clients: Tries to access configuration files associated with programs like FileZilla.
    • Reads user/profile data of local email clients: Email clients store some user data on disk where infostealers will often target it.
    • Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials etc.
    • Accesses Microsoft Outlook profiles
    • Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks