General
-
Target
fdeb92f2a06a4f31e7369e5aec122e810994b80498fbc43e6d528f4f5b09c310
-
Size
600KB
-
Sample
241014-wzgasatapm
-
MD5
701421ca3d4ded1bb8c814c3b7a5a282
-
SHA1
eb220b0efecae8f0d8128d83f87e183a67c0d7cc
-
SHA256
fdeb92f2a06a4f31e7369e5aec122e810994b80498fbc43e6d528f4f5b09c310
-
SHA512
a132ea156e6544e9b0befcd591e2cb3f8073b176769b4af00fe5a36c62b043c3c2d357436d6e8b7cb7092b6decf67d4718ce94c0e3979d740522c1c5c50d75ac
-
SSDEEP
12288:Hu0DdazgKBeNy2NAX6rM/FZ35n7mUSuh0q:Hu0D8MKyy2GZ3xDSY
Malware Config
Targets
-
-
Target
fdeb92f2a06a4f31e7369e5aec122e810994b80498fbc43e6d528f4f5b09c310
-
Size
600KB
-
MD5
701421ca3d4ded1bb8c814c3b7a5a282
-
SHA1
eb220b0efecae8f0d8128d83f87e183a67c0d7cc
-
SHA256
fdeb92f2a06a4f31e7369e5aec122e810994b80498fbc43e6d528f4f5b09c310
-
SHA512
a132ea156e6544e9b0befcd591e2cb3f8073b176769b4af00fe5a36c62b043c3c2d357436d6e8b7cb7092b6decf67d4718ce94c0e3979d740522c1c5c50d75ac
-
SSDEEP
12288:Hu0DdazgKBeNy2NAX6rM/FZ35n7mUSuh0q:Hu0D8MKyy2GZ3xDSY
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-