General
-
Target
2ac2a7662fa73228c9826a8b1d5d68d0
-
Size
736KB
-
Sample
231231-glgl3ahhcq
-
MD5
2ac2a7662fa73228c9826a8b1d5d68d0
-
SHA1
ffe33d19c19fa18f980782f6c32023c7c3c3b78f
-
SHA256
70c7f6e9cef3d53a8ee65a073a24236055f3a276f7bf8c6e5f6c9fc7341d7e6e
-
SHA512
9c24801c54f16f5e5977e34873d6f27dfbbee1bf83cf14823cfc24143cd0e690f552fd6f1ee3bdef60a7fa3c53157f2bb8daa12f38cc1dab2f72da03cfdf0f36
-
SSDEEP
12288:T7+5JOEP4baYENv6k1302VNk1fYHHXS+oC7u9clYs7MjPd+I7WqrpUS0Bja:fGHP4lENvPlVNUOHXS+DjYhhaw
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.tccinfaes.com - Port:
587 - Username:
[email protected] - Password:
TccBps1427log - Email To:
[email protected]
Targets
-
-
Target
2ac2a7662fa73228c9826a8b1d5d68d0
-
Size
736KB
-
MD5
2ac2a7662fa73228c9826a8b1d5d68d0
-
SHA1
ffe33d19c19fa18f980782f6c32023c7c3c3b78f
-
SHA256
70c7f6e9cef3d53a8ee65a073a24236055f3a276f7bf8c6e5f6c9fc7341d7e6e
-
SHA512
9c24801c54f16f5e5977e34873d6f27dfbbee1bf83cf14823cfc24143cd0e690f552fd6f1ee3bdef60a7fa3c53157f2bb8daa12f38cc1dab2f72da03cfdf0f36
-
SSDEEP
12288:T7+5JOEP4baYENv6k1302VNk1fYHHXS+oC7u9clYs7MjPd+I7WqrpUS0Bja:fGHP4lENvPlVNUOHXS+DjYhhaw
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-