General
-
Target
afdecb0b5e945023591f7dc9d1c6e22e4e92d69fda0792b5c0509a28004566dd
-
Size
568KB
-
Sample
241007-ekjnxsydjc
-
MD5
c5c8b0599fc91311988911ecec800198
-
SHA1
2de56d617e83e7b3553c7147401446f3393adab8
-
SHA256
afdecb0b5e945023591f7dc9d1c6e22e4e92d69fda0792b5c0509a28004566dd
-
SHA512
02abb5866702030413042621ce35732466798ad95428cbb901f23573dab2889762f0735c992176b527c4d8179b680083bbd56d1bd08571c58ffc7374e618f4f3
-
SSDEEP
12288:dQ+jf0VzJm7URJFBYwN1AdjL4OluYIDhuYJhKUyS:dQ+j8tJnFBYMiH4OshuYJF7
Malware Config
Targets
-
-
Target
Request for offer.exe
-
Size
626KB
-
MD5
bbc2241c8b26c710dba1bdb4686d6e54
-
SHA1
b77585f70690e5055e29f6eef85f22045ec74082
-
SHA256
e3311b58cd5550d55691f8a0cb956d49cd1d59ad10ae119a5e9b62452c652e68
-
SHA512
a5ec6673174d4623afcbfe7c32d477daa86ad4921b7d1d8949a1cb88b46a368de5601c9cf4c7a09232d5e49fa743fe3a42cc501f4a798cb8290f3ca279239d85
-
SSDEEP
12288:+5w+f0e7N9Jj0GxvtyIS7R3jmoXV8l4Ol00zVGq2dYAeM:+XZbj0GtwIgRzO4OTI5
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-