General
-
Target
2450da56f784319418f97683fcc88329.bin
-
Size
619KB
-
Sample
230602-bgvp8shc26
-
MD5
0655c5c6d3f4be167c04895ff4cb1206
-
SHA1
55ea462c896a42c8efcfe4df4906f00cba2f4d6c
-
SHA256
fd712eee982ac3d3f6a88ff55096e6a77183172fff1077c3584e97b18ea55175
-
SHA512
08eebc3f58df78647ab1008ab3ff317afd70bdd8ff468230325d94b61b4e0ac54036d16d8992f6191f3d2b1fab95bfdcd2ee609ad25e131ddb127a05148812b9
-
SSDEEP
12288:XRGuwrSjKtHdlf1+ABR4v2mbB6Tn6QaW1qxYXcupbx9Q2Il8TZ0:h3i/1+kk27TZwgTpE2Q
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot5587666659:AAG8NrrXJQs__dhk8nLJBFOspz2my8OVpX0/sendMessage?chat_id=5569775004
Targets
-
-
Target
5e120295dbb1df0ffae200b49202256cc03f6f5414addf758a4c1b11d683774d.exe
-
Size
983KB
-
MD5
2450da56f784319418f97683fcc88329
-
SHA1
2223337d34bd483ebc61a27f106af8ffe3ead712
-
SHA256
5e120295dbb1df0ffae200b49202256cc03f6f5414addf758a4c1b11d683774d
-
SHA512
b3876fb4f8bef3571194450ddb5eee4a5ffc0e8a2cfb938d94a34fdd338c5e7b32c41c77f968449c9d0bd3fb751fef88ec028144805c1e73c1520b3c5de592a0
-
SSDEEP
24576:QDDDDDeDDDDDZMUgh8yKIwat2TL0SbkJAtrO2is:rMRh8yHM1bhDH
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-