General
- Target: f25dc80bfc742a0e8091d216ecbc033d93e71d43b31bbefb3ec9ef6cfc637cee.exe
- Size: 715KB
- Sample: 241003-ctklgazcpn
- MD5: 35e0396ebde8f6d11e45f398ea0bbc22
- SHA1: 0854342c7c67e459ce51b913a5ff37368d7afaaf
- SHA256: f25dc80bfc742a0e8091d216ecbc033d93e71d43b31bbefb3ec9ef6cfc637cee
- SHA512: ae2eb2cabfea0a377d3770abd5b1919552b9eadb2c2cb2317d090417414f6835cf77c9c4380bbe13f5bc7774a357ea4a6a0f424738f78fc8e7fa5475184115da
- SSDEEP: 12288:4Tv8CCDmr86qJEqwz6WOfZj1cLvmj+hhV1BUwngO:Uv8Lqv8cLvJhhV1B3ng
Static task: static1
Behavioral task: behavioral1
- Sample: f25dc80bfc742a0e8091d216ecbc033d93e71d43b31bbefb3ec9ef6cfc637cee.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: f25dc80bfc742a0e8091d216ecbc033d93e71d43b31bbefb3ec9ef6cfc637cee.exe
- Resource: win10v2004-20240802-en
Malware Config
Targets
- Target: f25dc80bfc742a0e8091d216ecbc033d93e71d43b31bbefb3ec9ef6cfc637cee.exe
Signatures
- Snake Keylogger payload
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP address.
- Suspicious use of SetThreadContext