General
-
Target
awb_dhl 9102845290_160924R0 _323282-_563028621286.exe
-
Size
693KB
-
Sample
241009-nnvd9sxhla
-
MD5
7adc51886acb1e8ff0e2b704a9330fe4
-
SHA1
cd36a757db6dd9cb39eb7d76967cc1a407e4d7da
-
SHA256
c3b77419b920d22d48c80739aca2b46a1f3a4d4b42c0e44577e597b82b528630
-
SHA512
bda7a49d35887f172e578dc7d3f257a1a4efc7ba85fca5f95a388c89bff34d1ee38f4259ec928c722e8e771c7fada2bf06d2cef517b337dc9392bdc41dee602a
-
SSDEEP
12288:fyFtmEElUt6zLwoJgJ8qcUOjKj3Lcf64r:fyeEE+8zL/y8jUbciw
Malware Config
Targets
-
-
Target
awb_dhl 9102845290_160924R0 _323282-_563028621286.exe
-
Size
693KB
-
MD5
7adc51886acb1e8ff0e2b704a9330fe4
-
SHA1
cd36a757db6dd9cb39eb7d76967cc1a407e4d7da
-
SHA256
c3b77419b920d22d48c80739aca2b46a1f3a4d4b42c0e44577e597b82b528630
-
SHA512
bda7a49d35887f172e578dc7d3f257a1a4efc7ba85fca5f95a388c89bff34d1ee38f4259ec928c722e8e771c7fada2bf06d2cef517b337dc9392bdc41dee602a
-
SSDEEP
12288:fyFtmEElUt6zLwoJgJ8qcUOjKj3Lcf64r:fyeEE+8zL/y8jUbciw
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-