General
-
Target
830bacc86f14b7dd2ee545f213678bc9546dd5afef5a11e33abfeb8cf3ed3c7b_JC.zip
-
Size
290KB
-
Sample
231006-p1n9fsdf54
-
MD5
024f629b2ae57cdc95b91f5f011acc4a
-
SHA1
a4582524e9fbd4348090bc87a8877ab258845b3d
-
SHA256
830bacc86f14b7dd2ee545f213678bc9546dd5afef5a11e33abfeb8cf3ed3c7b
-
SHA512
701d2a18ef5b1416c468a92eb2ab42f733559d6edfff3a28114bc13989e53f52c7ab1ec59af1a938bdf5bdfd0b2457e83f1f0e9bf79c7d09ba7d783eccc5c285
-
SSDEEP
6144:9ADNtckYiDdCzK7AHtOE9mzP5NLYyRzcPa4YwIKYuLfX:9AU8E277AcP5NUycYWX
Malware Config
Targets
-
-
Target
SALESINVOICE0989-98656890.exe
-
Size
326KB
-
MD5
a3f30742d129cec41cc7855cbd20403d
-
SHA1
110cbb3899289b0f480a6bc641af892afb2568e3
-
SHA256
041c5a311445f3041b528f16d36805cb3c60320c2b79c8c8f43aee32e46e48ab
-
SHA512
a7569a005efe96eeb5f707678492f8260944d60674b01cbabc377a23a38150d1b4a0a23c1aca4f1c31064fdafd45d6e7694bb3c9e3942e54f04b587a7dc03469
-
SSDEEP
6144:UnPdudwD/EVDiex5+9CbK7ARtOEhmz13Nr2aRzSPa+YwIAWILW7:UnPdLbej+Qe7DSc13NKaoY97
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-