General
-
Target
お見積り依頼.zip
-
Size
485KB
-
Sample
241016-alv15atela
-
MD5
cc77b413b913a7163288406a233f9a94
-
SHA1
f3d52028a5664491b17d168715dae5c5ce414b23
-
SHA256
1e2c7f25f9388d47be1f318cdf74b95b9d971a12d23c6eb4c78707301126acfe
-
SHA512
e49ad219b354b29c47746ff895c2da9d00ca5e405537adcbf543c54e197b2ab26be89d24915470ce3dcb451ff6c3e0909c26f03b314458f328ab87ab83fb8ef2
-
SSDEEP
12288:xBhTu6zXa/diZ8H6wjoG2Znok9Ob2dtG/2SwlkFy2Y1sxeR7vZ5G:x7iXdiZ8awjoGcok95nG/g52YmxejZ0
Malware Config
Targets
-
-
Target
お見積り依頼.exe
-
Size
497KB
-
MD5
5fb84fe04e1573be79533791aeaa9d34
-
SHA1
df0f6db5d0bba16265f2210fce28d6b5c5c704cb
-
SHA256
07544f90f1d6b64b394f2a1c8a8ab2283c8ac87eac9ea3128cc4e2af83c8e920
-
SHA512
488075a3bc63b005a117726c4859743154cc0d75f0e57927e8eccf9e8ca929b68d1fd3fff5f2cd24f19afc4f05e9e934b683e00b83aa63ae4317db2a58f40f76
-
SSDEEP
12288:FfUSZtmY7Q+JJxCq9MXWRZVk9BEe7v4joiZ6kD4o:FnbxzJxCq9MGNk9EUicm4
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-