General
Target: d28a77b532f830424adcf4288934a27d367efb7132d75f2601acd8a1ae89bad2.exe
Size: 997KB
Sample: 241008-csrcmatgjl
MD5: 38dc45e9706c01fadf235d21659f04c8
SHA1: 09cfb7f6e5944ca85c2bdd2561dbf92abd76fe41
SHA256: d28a77b532f830424adcf4288934a27d367efb7132d75f2601acd8a1ae89bad2
SHA512: 652aa45ee21195474ee123ac4b404435fd64a4acb4a79e0a63cf0b403f53096d6bc67fac5ad52b3256db787d5971711773a0a2ace3c127913a58ecdf69dec132
SSDEEP: 12288:rLkcoxg7v3qnC11ErwIhh0F4qwUgUny5QLg2hUCfZQTgD2dagZuJUFj3erXF:ffmMv6Ckr7Mny5QLg2phQIUuq3i
Static task: static1
Behavioral task: behavioral1
Sample: d28a77b532f830424adcf4288934a27d367efb7132d75f2601acd8a1ae89bad2.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: d28a77b532f830424adcf4288934a27d367efb7132d75f2601acd8a1ae89bad2.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: snakekeylogger
Protocol: smtp
Host: pakcentar.ba
Port: 587
Username: [email protected]
Password: Almir.KardasPC!18_
Email To: [email protected]
Targets
Target: d28a77b532f830424adcf4288934a27d367efb7132d75f2601acd8a1ae89bad2.exe
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext