General
-
Target
3.exe
-
Size
596KB
-
Sample
240910-l6bc1azdqg
-
MD5
4cce41f2cb9eb6f52608308913a99f98
-
SHA1
a59277184d1e12c1b8daa43cafcd014d136acfbf
-
SHA256
93715e05ed0217c19e0ece40e261207b61f23a250f58bc177ba6530ee4c844c8
-
SHA512
2c37a605c9219d50a719e647d49980845b0a9dcf16aa36e58743e8bbaf1b17c6f9fd970bbc26524321d575003f8325afdfd7f1037e7b3a2b10887b653b5ef29f
-
SSDEEP
12288:rA1qt2LvW+jGROnw1dRyY93rpS5WoRWPLen+pGj/h1kx9Xy9:rGmrWGR6cQurWBWze+8bhw
Malware Config
Targets
-
-
Target
3.exe
-
Size
596KB
-
MD5
4cce41f2cb9eb6f52608308913a99f98
-
SHA1
a59277184d1e12c1b8daa43cafcd014d136acfbf
-
SHA256
93715e05ed0217c19e0ece40e261207b61f23a250f58bc177ba6530ee4c844c8
-
SHA512
2c37a605c9219d50a719e647d49980845b0a9dcf16aa36e58743e8bbaf1b17c6f9fd970bbc26524321d575003f8325afdfd7f1037e7b3a2b10887b653b5ef29f
-
SSDEEP
12288:rA1qt2LvW+jGROnw1dRyY93rpS5WoRWPLen+pGj/h1kx9Xy9:rGmrWGR6cQurWBWze+8bhw
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-