General
-
Target
505741d52f89c89dc156768a0714a0e500d1ecae923de1eff6cea7b393cace78
-
Size
512KB
-
Sample
240911-z9hhdatdrn
-
MD5
973947da93027a6c61b949ab7f44f956
-
SHA1
3daf77c22b19276e29137ec95b0ec90249aeb6b5
-
SHA256
505741d52f89c89dc156768a0714a0e500d1ecae923de1eff6cea7b393cace78
-
SHA512
35ca5d7566d7b656d3843c555311324ac3f7173a36a331e522e4886ff41dda0d7e803feb57bd617c57bcb81bdffc62971afc512bf2d49f010e968a8bb14cf3ce
-
SSDEEP
12288:tt7kvCaWgLfmVJik+ZUbCPGCrtGhtu7STpJE:ttoCaWgLfwi5ZR9Ghtu7
Malware Config
Targets
-
-
Target
505741d52f89c89dc156768a0714a0e500d1ecae923de1eff6cea7b393cace78
-
Size
512KB
-
MD5
973947da93027a6c61b949ab7f44f956
-
SHA1
3daf77c22b19276e29137ec95b0ec90249aeb6b5
-
SHA256
505741d52f89c89dc156768a0714a0e500d1ecae923de1eff6cea7b393cace78
-
SHA512
35ca5d7566d7b656d3843c555311324ac3f7173a36a331e522e4886ff41dda0d7e803feb57bd617c57bcb81bdffc62971afc512bf2d49f010e968a8bb14cf3ce
-
SSDEEP
12288:tt7kvCaWgLfmVJik+ZUbCPGCrtGhtu7STpJE:ttoCaWgLfwi5ZR9Ghtu7
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-