General
-
Target
c8f8e37901e2c4872bc7cf02a.exe
-
Size
603KB
-
Sample
230705-n21s7sca84
-
MD5
c8f8e37901e2c4872bc7cf02a3e364e7
-
SHA1
317b95aab651b0b1b50f09f3084c2078613c0023
-
SHA256
89c59b7c1c1561a29a35984ebe1812871a1f0b1635b31386caf8a33458132157
-
SHA512
75e6666b77bf328931e1c2df2912501b2c2a211702fc9ebff1a7d2fb7040c0324dbceac9cfa91a83d323b336e326ef35963eef6e5d247c132eb2d834b8b47ba9
-
SSDEEP
12288:E5dPG2fov8msaeoyfFfeISyxcbFi6Tl0d0wzyeI0HfkVvKUO/:8oh/yfZeISyImd0wzE6fkVC7/
Malware Config
Extracted
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
Kf3BZw66mfZeyhM1
Extracted
snakekeylogger
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
Kf3BZw66mfZeyhM1
Targets
-
-
Target
c8f8e37901e2c4872bc7cf02a.exe
-
Size
603KB
-
MD5
c8f8e37901e2c4872bc7cf02a3e364e7
-
SHA1
317b95aab651b0b1b50f09f3084c2078613c0023
-
SHA256
89c59b7c1c1561a29a35984ebe1812871a1f0b1635b31386caf8a33458132157
-
SHA512
75e6666b77bf328931e1c2df2912501b2c2a211702fc9ebff1a7d2fb7040c0324dbceac9cfa91a83d323b336e326ef35963eef6e5d247c132eb2d834b8b47ba9
-
SSDEEP
12288:E5dPG2fov8msaeoyfFfeISyxcbFi6Tl0d0wzyeI0HfkVvKUO/:8oh/yfZeISyImd0wzE6fkVC7/
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-