General
-
Target
8ff68132e45fd815ceda6d4d45c940d2.bin
-
Size
490KB
-
Sample
231027-ch92zsbc31
-
MD5
dba38ef1cad006f8afaa75cb6a38c42f
-
SHA1
21cec0bd7baddb37b7c5d46430d5937c9abffe41
-
SHA256
60fc0a4ad89d3e6f4c3afa1ee50112343dd2326b95eb9f74ef2e0e4158a2f8ed
-
SHA512
cbaa4bf1e977a3bd3447bda7f7696f312226aa9c2594a4973b8ee3b2140926be8f4294e47a2d13d2d125ebe73f97d6b00503688768ef96bb7b88300a1577c7d2
-
SSDEEP
12288:16Qnj0WS4n2Qmnal6tl9xNQvjmFcxkGMiX6Is3NlnDjNEWK:kQn7h2QY7fxNQ/kGRX6DlnDKR
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.kaasgroup.com - Port:
587 - Username:
[email protected] - Password:
majali2009 - Email To:
[email protected]
Targets
-
-
Target
6c497d0004db81c3992fb2ceb661c33191f56c36f062ca52eca4b9a3926a08b4.exe
-
Size
521KB
-
MD5
8ff68132e45fd815ceda6d4d45c940d2
-
SHA1
b1a351b306665b78d2efa15c15d30d195393c25d
-
SHA256
6c497d0004db81c3992fb2ceb661c33191f56c36f062ca52eca4b9a3926a08b4
-
SHA512
2ace92218bb86ab7b19d9db148661a5c5242c0050a5c6be5bcc5b1765adbcc68d751cc4659c61d301b63bffd84ef8b84631b34b8999882ced13deb0c9009a9df
-
SSDEEP
12288:T/50fZ+0h21wF7d6JhvA9HmvsqqH4cZAq4:zOfswF7SW5EtqYcZj
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-