General
-
Target
8921e9e55861c043b028cee713316efd923aff62fca9abb2e7cc7eb3092063e3.exe
-
Size
179KB
-
Sample
240927-bxl32aybmr
-
MD5
bd22f0c99670c51675ebb91843db7181
-
SHA1
8d290ff02196024b6ae7a564172a29e73e00de7d
-
SHA256
8921e9e55861c043b028cee713316efd923aff62fca9abb2e7cc7eb3092063e3
-
SHA512
255968a80a157bd6e37bb780cf69849c2dc829830d1bc0ae011b70be5bef888b3a7d6590a384e3456dbeb43fdcedf7dc09f7c753806d87973ca154659afe7b91
-
SSDEEP
3072:EuV8gCfET/JXYoqbo81ZvFe3sf8Y1DXylHyoWmbdyFQgrqyYTXrDD62zU/s:EWIf4XYtz1ZvFe3sf1XylSioFgTjh9
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
bisttro.shop - Port:
587 - Username:
[email protected] - Password:
W79cDo2h05Iv - Email To:
[email protected]
Targets
-
-
Target
8921e9e55861c043b028cee713316efd923aff62fca9abb2e7cc7eb3092063e3.exe
-
Size
179KB
-
MD5
bd22f0c99670c51675ebb91843db7181
-
SHA1
8d290ff02196024b6ae7a564172a29e73e00de7d
-
SHA256
8921e9e55861c043b028cee713316efd923aff62fca9abb2e7cc7eb3092063e3
-
SHA512
255968a80a157bd6e37bb780cf69849c2dc829830d1bc0ae011b70be5bef888b3a7d6590a384e3456dbeb43fdcedf7dc09f7c753806d87973ca154659afe7b91
-
SSDEEP
3072:EuV8gCfET/JXYoqbo81ZvFe3sf8Y1DXylHyoWmbdyFQgrqyYTXrDD62zU/s:EWIf4XYtz1ZvFe3sf1XylSioFgTjh9
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-