General
-
Target
d16b6047ad5fd1dc3d87eca8d9a6745b6238b5af934b7c34493dc187136e30c6.rar
-
Size
744KB
-
Sample
240918-b2jhpswckd
-
MD5
92abf16c806867e15830e0737a98eafe
-
SHA1
5e1681738c0ffe6621a6035cb043ffe76d5e27f0
-
SHA256
d16b6047ad5fd1dc3d87eca8d9a6745b6238b5af934b7c34493dc187136e30c6
-
SHA512
19c2c0247bdac683d8f0069adeeceb8d4eb5bef2861f4206fd36d4ca93657cb1db10f1ef742d789990eb534c10b39735758a4dd2ff6617962a8ed9c7f23e4fbe
-
SSDEEP
12288:lbfFrktv6qqXE+/nflRztY74VdQ4bZQfLEdo7RxOOX1nmNHxI0M6nYujBp0gW/Y:RFIh6/NnflRziKQWSECDO0kZM6nYCpFF
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.invesxteu.info - Port:
587 - Username:
[email protected] - Password:
rwe87$%21q
https://api.telegram.org/bot5361912293:AAGLRU8lOnvgedEVLW84nw6uJBR8KKRq6f4/sendMessage?chat_id=5103867363
Targets
-
-
Target
BTX7855324-FJL408925-QHT8996757788.exe
-
Size
1.3MB
-
MD5
1598e0f57e2396152ed603ff8832cb30
-
SHA1
f7679b18051a9daf1daf683c3249c8fcb3d9d82c
-
SHA256
9c0df6bb5a583077732c10adb7c12ade664b637f4f2fcd9f05c90a5c3577d010
-
SHA512
57bc83847fef987d2decdf02f72f3a030032f610b1b39a10a1db0f16329ca49f972a7a0817a89493ea0654b233f08ea8b58c17a3c945b7fd0909ee15fdbbab29
-
SSDEEP
24576:9qDEvCTbMWu7rQYlBQcBiT6rprG8aU4pjS0h/dSEAMSJGciQBIZX:9TvC/MTQYxsWR7aUES0h/hAMSJG
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-