General
-
Target
SecuriteInfo.com.Win32.TrojanX-gen.25766.16133.exe
-
Size
541KB
-
Sample
230419-lg2hwshf44
-
MD5
a9929df0b6d9059bd1beeb883af6e293
-
SHA1
60665db850a61a239816a7a89ad5a8ffde55bbed
-
SHA256
187e9a262dac093e04914b16b11f41adec97c3115f4a6b5e5cf1125d2be8eeca
-
SHA512
68196bf5650db3d24af6c131e0d9ad69b238f1268fa2e0999c6b6fc3f645719b60485b137739ef1aaf41e72dfc668ce8545a153abecdd1d798add5a900e266ed
-
SSDEEP
12288:sUXP0yUG4GIDpW8Q4BpnkuDOwTI8UjzagsNjscFODt:OT/dt7nkuhzkztsNjscIDt
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot5905114115:AAEtJ13Y8sU1fQgR9KsdZZhYCIQmu7J2ahU/sendMessage?chat_id=5334267822
Targets
-
-
Target
SecuriteInfo.com.Win32.TrojanX-gen.25766.16133.exe
-
Size
541KB
-
MD5
a9929df0b6d9059bd1beeb883af6e293
-
SHA1
60665db850a61a239816a7a89ad5a8ffde55bbed
-
SHA256
187e9a262dac093e04914b16b11f41adec97c3115f4a6b5e5cf1125d2be8eeca
-
SHA512
68196bf5650db3d24af6c131e0d9ad69b238f1268fa2e0999c6b6fc3f645719b60485b137739ef1aaf41e72dfc668ce8545a153abecdd1d798add5a900e266ed
-
SSDEEP
12288:sUXP0yUG4GIDpW8Q4BpnkuDOwTI8UjzagsNjscFODt:OT/dt7nkuhzkztsNjscIDt
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
StormKitty
StormKitty is an open source info stealer written in C#.
-
StormKitty payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-