General
-
Target
ae07c4e8171fb3f7b72d667d9af8924f762d92ff71d1264c9afec1a7dfbc604dN
-
Size
723KB
-
Sample
241013-vm5beascjp
-
MD5
e8ac142097057e54c67c573ffc4b5200
-
SHA1
e853bad28e0fabc35e2a14788a6bde6fd28095c1
-
SHA256
ae07c4e8171fb3f7b72d667d9af8924f762d92ff71d1264c9afec1a7dfbc604d
-
SHA512
904be41ed9d42e2de44e3c43d200eab88b068a4789cebf0180a636bdc9eb6f775ca809050b0f06b86b7d7c477848bd117840013c84b1a446ee53cb6da86affa9
-
SSDEEP
12288:+lE9vdcyerVbCx3YNgn0QH72F3JfMNtGVp6yLUYKw7/vAWwFiacwdiHUJ1t6rR:WE9verVbCx3YNgngRppj7/EwacwQ0Jr6
Malware Config
Targets
-
-
Target
ae07c4e8171fb3f7b72d667d9af8924f762d92ff71d1264c9afec1a7dfbc604dN
-
Size
723KB
-
MD5
e8ac142097057e54c67c573ffc4b5200
-
SHA1
e853bad28e0fabc35e2a14788a6bde6fd28095c1
-
SHA256
ae07c4e8171fb3f7b72d667d9af8924f762d92ff71d1264c9afec1a7dfbc604d
-
SHA512
904be41ed9d42e2de44e3c43d200eab88b068a4789cebf0180a636bdc9eb6f775ca809050b0f06b86b7d7c477848bd117840013c84b1a446ee53cb6da86affa9
-
SSDEEP
12288:+lE9vdcyerVbCx3YNgn0QH72F3JfMNtGVp6yLUYKw7/vAWwFiacwdiHUJ1t6rR:WE9verVbCx3YNgngRppj7/EwacwQ0Jr6
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-