General
- Target: malw.exe
- Size: 662KB
- Sample: 241010-h8ld7swgrn
- MD5: fd1c8a844272f22a0d5e01b667d4f91b
- SHA1: 92011d2ef6296463333b422df02ff59e0126a6c5
- SHA256: b4a6a7b4e3b8285d232df5e5d3a3d6ba8474c13afc59086b1267d737c5052a03
- SHA512: 09a5db494b9ecf4234690643545e948418e3a8a3107e4ebe6027e13f09c1cebf9f332f94689809420d84fc1666bd7b6422ac4ac50efa20861d34f73395b93b4a
- SSDEEP: 12288:k2QJ9o2sW3B9o2G2/6SkwwOeO01ZAao2tezqrVcO5sZYw6bhyWjX53XOo:kv9o2sW3B9oV2iSkwwOe/U2HVcaNhyaf
Static task
- static1
Behavioral task
- behavioral1: Sample malw.exe, Resource win7-20240903-en
Behavioral task
- behavioral2: Sample malw.exe, Resource win10v2004-20241007-en
Malware Config
Extracted: snakekeylogger
- Protocol: smtp
- Host: smtp.securemail.pro
- Port: 587
- Username: [email protected]
- Password: jrpM0Y5k
- Email To: [email protected]
Targets
- Target: malw.exe
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Blocklisted process makes network request
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger