General
-
Target
e47a025069729661a5b181ad7fb2bf8c173413d060b58af52a572c57e6765a76
-
Size
2.3MB
-
Sample
241008-j7qszaxbmr
-
MD5
5d308ae37d1f8e5e7a70826d9f4c0d0f
-
SHA1
c165df867f57dd2de611f01589817229ab0529a2
-
SHA256
e47a025069729661a5b181ad7fb2bf8c173413d060b58af52a572c57e6765a76
-
SHA512
47d75896a681a63b4453c26ba6bad55bc92c54246954f555df084095db6c1ae28b5e25680bda8e2c84a8083b0897414c5f1c9a8dbc8d660f85a27b9c98167007
-
SSDEEP
49152:tXW++PT3zSLeuLV5fr2GsZcBoMjA7cAA:tG++4Bpr21msN
Malware Config
Extracted
Protocol: smtp- Host:
webmail.setarehatlaspars.com - Port:
587 - Username:
[email protected] - Password:
Set@reh1398
Extracted
snakekeylogger
Protocol: smtp- Host:
webmail.setarehatlaspars.com - Port:
587 - Username:
[email protected] - Password:
Set@reh1398 - Email To:
[email protected]
Targets
-
-
Target
e47a025069729661a5b181ad7fb2bf8c173413d060b58af52a572c57e6765a76
-
Size
2.3MB
-
MD5
5d308ae37d1f8e5e7a70826d9f4c0d0f
-
SHA1
c165df867f57dd2de611f01589817229ab0529a2
-
SHA256
e47a025069729661a5b181ad7fb2bf8c173413d060b58af52a572c57e6765a76
-
SHA512
47d75896a681a63b4453c26ba6bad55bc92c54246954f555df084095db6c1ae28b5e25680bda8e2c84a8083b0897414c5f1c9a8dbc8d660f85a27b9c98167007
-
SSDEEP
49152:tXW++PT3zSLeuLV5fr2GsZcBoMjA7cAA:tG++4Bpr21msN
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-