General
-
Target
73d48d44751c6d0241ac26c1123822be.bin
-
Size
357KB
-
Sample
231221-cmw1xshhc2
-
MD5
57efa55b0d8f3809f4c4fa8e20abd448
-
SHA1
6c65e24b890335c74eab63701920922e9a3d4cdd
-
SHA256
2204e72f09fa4d9c6c266fb080f0a864b7be1052fb5e8721a89076e1b3389a6d
-
SHA512
7e51b7f73b20e3b5c45b71f1299ebf53a3c319428cba3962248d9d3f549410761a13a8a4eaf81559a14d3f271fd2851e60e326f7d0f32f6e7dac634c6cf4434d
-
SSDEEP
6144:kbndgq/segIgcCgfdAIUKVNfYmPSejvzcytPZIz0i8Tpmj4Ebixfx9UfyfZO6qP:gdx/sfIgcZdAIUK4ebZs8U/i79UuZO6k
Malware Config
Targets
-
-
Target
0dd188237a562417f239ff9be662f9336ec77a0906af62c26516a8e6f767f9f5.exe
-
Size
489KB
-
MD5
73d48d44751c6d0241ac26c1123822be
-
SHA1
d794d3df6027c438f86c3418216ff9e18f32c5b8
-
SHA256
0dd188237a562417f239ff9be662f9336ec77a0906af62c26516a8e6f767f9f5
-
SHA512
5bc2e07fa120e4392d08f5930d82e0849555522338b625ae247fde4c913528e41421b387b00a6a3741556b97bbabb45bb296fd702422da44af9ede5048d8adbe
-
SSDEEP
12288:yrpviYJS8EtOcpAT35CPA7kyig/jZnP55oM:yrpasS8qOcCCPA7kyigLN0M
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-