General
-
Target
0d9bd2ae2e4b023047b6c08684e9e5daae76e31cced4c3fdf4640136245f7eea.exe
-
Size
725KB
-
Sample
240402-bc29hsca4t
-
MD5
4b0a935fbc037ea00bf17468d4cf5b85
-
SHA1
169cd19c1d29bebd2c7fe5a8de25b1429f8f2aed
-
SHA256
0d9bd2ae2e4b023047b6c08684e9e5daae76e31cced4c3fdf4640136245f7eea
-
SHA512
0bee469d0188505772af1fd9af4a6710c201475340045b97024102a63aaba14f940e6ee36d118d338e836b4ee7ba03387001ce81724c4f4433123f5b9d83dd4f
-
SSDEEP
12288:w6Wq4aaE6KwyF5L0Y2D1PqL5C38Lua13KVsrOQW60Ztsmhv3:GthEVaPqL58F2rBjmB3
Malware Config
Extracted
snakekeylogger
https://scratchdreams.tk
Targets
-
-
Target
0d9bd2ae2e4b023047b6c08684e9e5daae76e31cced4c3fdf4640136245f7eea.exe
-
Size
725KB
-
MD5
4b0a935fbc037ea00bf17468d4cf5b85
-
SHA1
169cd19c1d29bebd2c7fe5a8de25b1429f8f2aed
-
SHA256
0d9bd2ae2e4b023047b6c08684e9e5daae76e31cced4c3fdf4640136245f7eea
-
SHA512
0bee469d0188505772af1fd9af4a6710c201475340045b97024102a63aaba14f940e6ee36d118d338e836b4ee7ba03387001ce81724c4f4433123f5b9d83dd4f
-
SSDEEP
12288:w6Wq4aaE6KwyF5L0Y2D1PqL5C38Lua13KVsrOQW60Ztsmhv3:GthEVaPqL58F2rBjmB3
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables referencing many email and collaboration clients. Observed in information stealers
-
Detects executables with potential process hoocking
-
UPX dump on OEP (original entry point)
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-