General
-
Target
22554080f932d465ce13118732d03a9e
-
Size
997KB
-
Sample
231225-qxc8fsbfhj
-
MD5
22554080f932d465ce13118732d03a9e
-
SHA1
6eb832f18ce2720a07ea504583258d213906f4d0
-
SHA256
9ca62f576b0ea3feaa04743aa626fefc4ff511b17d3532b3d90bd47c65b6fa2d
-
SHA512
99ad632d268ee0299841b2d024ae3aea88cd83eb7e72fc35184e7f434f0de7418592063dbb59ddf116ec2d60056aca1786754899f1cf0c2bc76073886fdfab18
-
SSDEEP
24576:8K68ABhkJEZ5/dxNK64JGPeqkdsuJ+NRWqwOUER:8KO6CK64J2BuwKvW
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
smtp.fireacoustics.com - Port:
587 - Username:
[email protected] - Password:
_d:rzD~62Jxh - Email To:
[email protected]
Targets
-
-
Target
22554080f932d465ce13118732d03a9e
-
Size
997KB
-
MD5
22554080f932d465ce13118732d03a9e
-
SHA1
6eb832f18ce2720a07ea504583258d213906f4d0
-
SHA256
9ca62f576b0ea3feaa04743aa626fefc4ff511b17d3532b3d90bd47c65b6fa2d
-
SHA512
99ad632d268ee0299841b2d024ae3aea88cd83eb7e72fc35184e7f434f0de7418592063dbb59ddf116ec2d60056aca1786754899f1cf0c2bc76073886fdfab18
-
SSDEEP
24576:8K68ABhkJEZ5/dxNK64JGPeqkdsuJ+NRWqwOUER:8KO6CK64J2BuwKvW
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-