General
-
Target
KH098765680000000.exe
-
Size
356KB
-
Sample
231022-h2nwraff97
-
MD5
c3fd40f62d9b66dc9907f57cb51dfc02
-
SHA1
4c315086caa77760f3a5439fd06b33d31dd5ee9f
-
SHA256
b9c36da42919719dcadd5252cb675cad35f0f63566b24a7a95fc0f5dfddb5497
-
SHA512
866cb2a6489ec04c3e649ff8e8a6af777cd4435eec624080d8aaca529d00362cf094c7727d48f5b003d3a5ef4f1160de09059782be6d40e33c6d3923dffb413f
-
SSDEEP
6144:L0ntBIKD2SJMzsdRytZNYvzMsKTBhoR/wHD3IRopPMM2QAxWaqJJzdk6ceh9X3PL:stfD2S+FeZesOR27hCfk6ceXs650
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
posta.ni.net.tr - Port:
587 - Username:
[email protected] - Password:
nilya1957 - Email To:
[email protected]
Targets
-
-
Target
KH098765680000000.exe
-
Size
356KB
-
MD5
c3fd40f62d9b66dc9907f57cb51dfc02
-
SHA1
4c315086caa77760f3a5439fd06b33d31dd5ee9f
-
SHA256
b9c36da42919719dcadd5252cb675cad35f0f63566b24a7a95fc0f5dfddb5497
-
SHA512
866cb2a6489ec04c3e649ff8e8a6af777cd4435eec624080d8aaca529d00362cf094c7727d48f5b003d3a5ef4f1160de09059782be6d40e33c6d3923dffb413f
-
SSDEEP
6144:L0ntBIKD2SJMzsdRytZNYvzMsKTBhoR/wHD3IRopPMM2QAxWaqJJzdk6ceh9X3PL:stfD2S+FeZesOR27hCfk6ceXs650
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-