General
-
Target
abf58920ed73ef807269982b4e62fa9a.exe
-
Size
1.4MB
-
Sample
231101-ta2t3sbh68
-
MD5
abf58920ed73ef807269982b4e62fa9a
-
SHA1
03e66fb10269f7ba6fe0bc8200ba5685f224ac7c
-
SHA256
1a43ce284eeb6c62750e67cfd710109ea3461e0fdb4e3ef6df64b159e78f8fd2
-
SHA512
c67e36cd7934a0bd4c4b14909f66d8b1349a21f1286ccc719ecbe14e4cdaaad0874e9c4bd9b8799806c1a26b4ad40fd0c9249c880b0aad015be184a3dda97411
-
SSDEEP
24576:qrEb2grO4+yKPoJHZ6gLl2FNY0wxOSkMoXwwaP7d3BFMukWMG+gcXh6dvrBV1ge+:+Eb2FyKI5wNVwxJk7XvTG+g+h6dvrBVy
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
BkKMmzZ1
Targets
-
-
Target
abf58920ed73ef807269982b4e62fa9a.exe
-
Size
1.4MB
-
MD5
abf58920ed73ef807269982b4e62fa9a
-
SHA1
03e66fb10269f7ba6fe0bc8200ba5685f224ac7c
-
SHA256
1a43ce284eeb6c62750e67cfd710109ea3461e0fdb4e3ef6df64b159e78f8fd2
-
SHA512
c67e36cd7934a0bd4c4b14909f66d8b1349a21f1286ccc719ecbe14e4cdaaad0874e9c4bd9b8799806c1a26b4ad40fd0c9249c880b0aad015be184a3dda97411
-
SSDEEP
24576:qrEb2grO4+yKPoJHZ6gLl2FNY0wxOSkMoXwwaP7d3BFMukWMG+gcXh6dvrBV1ge+:+Eb2FyKI5wNVwxJk7XvTG+g+h6dvrBVy
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-