General
-
Target
1adc88b80dd9498bee4a48a62c6ad234
-
Size
1.2MB
-
Sample
231225-nlsgwsdbgn
-
MD5
1adc88b80dd9498bee4a48a62c6ad234
-
SHA1
f8faee666213ddc01a83799962a73ff47bf5d1d8
-
SHA256
3266a0669caa4babe913c1f33f30a5ec22e99345173cdc9527ea93aa8f3673eb
-
SHA512
6ec23fd29766562a3331d906766cf82600dd56748db10bc3df36fd932f52d702ad8d0ccac7abf943515ff9f5aa30e4e175e46cf6ad8d725100d758fe694156dd
-
SSDEEP
24576:WmOsBgo0q4wMyBmCmTOUd+L6kgXWFyVUblQh/wwAXPCoP:WPoHMmmCm6Ud+zgX2lcWz
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.logoffices.com - Port:
587 - Username:
[email protected] - Password:
QAZqaz123@ - Email To:
[email protected]
Targets
-
-
Target
1adc88b80dd9498bee4a48a62c6ad234
-
Size
1.2MB
-
MD5
1adc88b80dd9498bee4a48a62c6ad234
-
SHA1
f8faee666213ddc01a83799962a73ff47bf5d1d8
-
SHA256
3266a0669caa4babe913c1f33f30a5ec22e99345173cdc9527ea93aa8f3673eb
-
SHA512
6ec23fd29766562a3331d906766cf82600dd56748db10bc3df36fd932f52d702ad8d0ccac7abf943515ff9f5aa30e4e175e46cf6ad8d725100d758fe694156dd
-
SSDEEP
24576:WmOsBgo0q4wMyBmCmTOUd+L6kgXWFyVUblQh/wwAXPCoP:WPoHMmmCm6Ud+zgX2lcWz
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-