General
-
Target
1c30f9a583d4b2dc406b2b5a187bc042b535025b76e1983470e9f18309a17c8c.exe
-
Size
1.0MB
-
Sample
241009-bkseaa1fme
-
MD5
f5cb8e84f3124c37b0a275944be5c54c
-
SHA1
99bc68609d1da7fce3e1b7e39c0b6388b089305f
-
SHA256
1c30f9a583d4b2dc406b2b5a187bc042b535025b76e1983470e9f18309a17c8c
-
SHA512
616cee6ee6cad22a99567fc3e3d97e78eb921cc8af549eace9d2542431077b952d88ed87d5e3a9880525cbbdc5faddbb6d9bb2f5d450733ec1a3b3e95a118626
-
SSDEEP
24576:pRmJkcoQricOIQxiZY1iaaje+6aSItiIbeQ8w1eoZ:mJZoQrbTFZY1iaiL6aPtHEP8
Static task
static1
Behavioral task
behavioral1
Sample
1c30f9a583d4b2dc406b2b5a187bc042b535025b76e1983470e9f18309a17c8c.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
1c30f9a583d4b2dc406b2b5a187bc042b535025b76e1983470e9f18309a17c8c.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.al-subai.com
Port: 587
Username: [email protected]
Password: A_Sadek1962
Email To: [email protected]
Targets
-
-
Target
1c30f9a583d4b2dc406b2b5a187bc042b535025b76e1983470e9f18309a17c8c.exe
-
Snake Keylogger payload
Signature match for Snake Keylogger, a credential-stealing keylogger; the extracted configuration above shows this build exfiltrating over SMTP to mail.al-subai.com on port 587.
-
Accesses Microsoft Outlook profiles
Reads the Outlook profile data under the user's registry hive, where stored mail account settings and credentials are kept.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
Calling SetThreadContext on a thread of another process is the usual final step of process hollowing: a legitimate process is started suspended, its image is replaced with injected code, and the thread's entry point is redirected before it resumes.
-
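The two network-level behaviours this report documents, SMTP exfiltration to the extracted host on port 587 and an external IP lookup via a web service, can be turned into simple host telemetry detections. The following Python is an added example, not part of the sandbox report or of any detection product: it parses constructed network-connection events (the log format, the process allowlists and the list of IP lookup services are all assumptions for the example; only the exfil host and port come from the report) and flags SMTP submission from anything other than a mail client, any connection to the extracted exfil host, and IP lookup requests from non-browser processes.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Indicators taken from the report's extracted Snake Keylogger configuration.
# Only the destination is used; the harvested mailbox credentials are not
# needed to detect the exfiltration channel.
EXFIL_SMTP_HOST = "mail.al-subai.com"
EXFIL_SMTP_PORT = 587

# SMTP ports: 25 (relay), 465 (implicit TLS), 587 (STARTTLS submission).
SMTP_PORTS = {25, 465, 587}

# Assumed allowlists for this example; a real deployment derives these from
# its own baseline of which binaries legitimately speak SMTP or browse.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}

# Public IP lookup services commonly queried by stealers to geotag a victim.
# Assumed list for the example; the report does not name the service used.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "ipinfo.io", "icanhazip.com"}

# Constructed telemetry in a key=value shape; not output of the sandbox run.
SAMPLE_EVENTS = [
    r"2024-10-09T12:00:01Z image=C:\Users\victim\AppData\Roaming\UpdateSvc.exe dest=checkip.dyndns.org:80",
    r"2024-10-09T12:00:03Z image=C:\Users\victim\AppData\Roaming\UpdateSvc.exe dest=mail.al-subai.com:587",
    r"2024-10-09T12:00:07Z image=C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE dest=smtp.office365.com:587",
    r"2024-10-09T12:00:09Z image=C:\Program Files\Google\Chrome\Application\chrome.exe dest=ipinfo.io:443",
    r"2024-10-09T12:00:12Z image=C:\Windows\System32\svchost.exe dest=www.update.microsoft.com:443",
]

# Lazy match on the image path so paths containing spaces parse correctly.
EVENT_RE = re.compile(
    r"^(?P<ts>\S+)\s+image=(?P<image>.+?)\s+dest=(?P<host>[^:\s]+):(?P<port>\d+)$"
)


@dataclass(frozen=True)
class NetEvent:
    ts: str
    image: str  # full executable path as logged
    host: str
    port: int

    @property
    def process(self) -> str:
        # Compare on the lowercase basename so install path and casing do not matter.
        return self.image.replace("\\", "/").rsplit("/", 1)[-1].lower()


def parse_event(line: str) -> Optional[NetEvent]:
    """Parse one telemetry line; return None for malformed input instead of raising."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    return NetEvent(m["ts"], m["image"], m["host"].lower(), int(m["port"]))


def classify(ev: NetEvent) -> List[str]:
    """Return the names of every detection that fires for one network event."""
    hits = []
    if ev.host == EXFIL_SMTP_HOST and ev.port == EXFIL_SMTP_PORT:
        hits.append("snakekeylogger_exfil_host")
    if ev.port in SMTP_PORTS and ev.process not in MAIL_CLIENTS:
        hits.append("smtp_from_non_mail_client")
    if ev.host in IP_LOOKUP_HOSTS and ev.process not in BROWSERS:
        hits.append("ip_lookup_from_non_browser")
    return hits


def scan(lines) -> List[Tuple[str, str, str]]:
    """Run every rule over a sequence of log lines; return (timestamp, process, detection) triples."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        for name in classify(ev):
            alerts.append((ev.ts, ev.process, name))
    return alerts


if __name__ == "__main__":
    for ts, proc, name in scan(SAMPLE_EVENTS):
        print(f"{ts} {proc:<14} {name}")
```

The exfil-host rule is the narrow, high-confidence match for this sample; the two behavioural rules are what catch the next build with a different mailbox, at the cost of needing an accurate allowlist of processes that legitimately send mail or browse. Outlook connecting to its own SMTP submission server on 587 correctly produces no alert, while the same port from an executable under AppData does.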