General
-
Target
24ce66a5-8952-4aaa-5c72-08dcd70d6a75.arj
-
Size
648KB
-
Sample
240918-jg4xxazfqk
-
MD5
1be46d01f41c8135eecf740ad310b522
-
SHA1
48e677090417aca959fa13e160800a8344bee763
-
SHA256
e88f70d37aad0fc1099dfa1e8a201e6210c205e80e63c668d2c0cd463dde15f0
-
SHA512
998be017626a395f00450d0c845b6d3c8e204a0b82e8ae69910a42cc67ebd70fe77e4dbee09694411de32254e4fb4e17fda4d6baa4599c023a8064586ef51dcc
-
SSDEEP
12288:hCLWkiNtbsCCje39cdViQAIHrO+Opvo/mdQoL2kVcJFloYachmHGZal:gkNaCC/7HHrOgudQImHoyhmmu
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.al-subai.com - Port:
587 - Username:
[email protected] - Password:
A_Sadek1962 - Email To:
[email protected]
Targets
-
-
Target
Shipping Documents_Pdf.exe
-
Size
1.0MB
-
MD5
9bb18439c7365654deb878f914930ae3
-
SHA1
74fd8c1ee282522bffd4cfd97bcddedb304047ee
-
SHA256
757bc418a17212abe919bb341478274977b53cac81f70a260509008929cae6eb
-
SHA512
3fa31761cd4064d8970b94801526d440b9a2cdb28054f85f8bb8442f8c9096df1a44ccd68a0808d29f30446ccd283a9acb002c00739378ae0d5040cb76b094fc
-
SSDEEP
24576:pRmJkcoQricOIQxiZY1iaajnfuJuip2JDiH:mJZoQrbTFZY1iaifuJF2JDiH
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-