General
-
Target
Excel Document 2502023PPT.exe
-
Size
1005KB
-
Sample
230525-gxlp6agc78
-
MD5
cd6986320095718284f6723fa482fd2b
-
SHA1
2f4f4538d6777122302a6226db824523e1a7b4b7
-
SHA256
cd3f84c42ebdd57e9b3679216ef581b466aa1a646728156155a41055b070e788
-
SHA512
cca829885938d4cf962acecb6cede16af5b3ccdb3d107a42bdc6dbc8b76699100486cac5ebdbc67549af2f3e233a5c51d2d436c86e548c6d0cb600e7de8fe60c
-
SSDEEP
24576:xTmIt9BEP8tylbNMcVrlBM9NVROoFpCndORoybDkWOh8Pdj:xTbBe8tylNbMjVR5piKoSD/
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot5421147975:AAGrsGnLOHZfFv7yHuj3hZdQSOVmPodIAVI/sendMessage?chat_id=5317271436
Targets
-
-
Target
Excel Document 2502023PPT.exe
-
Size
1005KB
-
MD5
cd6986320095718284f6723fa482fd2b
-
SHA1
2f4f4538d6777122302a6226db824523e1a7b4b7
-
SHA256
cd3f84c42ebdd57e9b3679216ef581b466aa1a646728156155a41055b070e788
-
SHA512
cca829885938d4cf962acecb6cede16af5b3ccdb3d107a42bdc6dbc8b76699100486cac5ebdbc67549af2f3e233a5c51d2d436c86e548c6d0cb600e7de8fe60c
-
SSDEEP
24576:xTmIt9BEP8tylbNMcVrlBM9NVROoFpCndORoybDkWOh8Pdj:xTbBe8tylNbMjVR5piKoSD/
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-