General
-
Target
cbe7e9223ef509a19630d66a57eaabbf33ee407ff449f4b01a81aa16f035541d
-
Size
29KB
-
Sample
241018-fvn7tssbrr
-
MD5
7ec62db7a908e3e684d371c64667a125
-
SHA1
8bd28c87517a91e3693c72c35d3c53eee5bdcc86
-
SHA256
cbe7e9223ef509a19630d66a57eaabbf33ee407ff449f4b01a81aa16f035541d
-
SHA512
268083224399ed8043597d5c3cb18565b7fe76fd2839fecbd46ebb9f85b622776b65d9edb269a74b08c42f94886e27690ed93545d1d4923c06960a44678f0bc2
-
SSDEEP
384:6goSFVvDcHyICg5cvz6fo3Ek0kJzpYRydxh1T+Z8r/ELRj9kehjtcrV8+M:6gXDEC7Ww3EdadxhHG9kimV8+M
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.legalityltd.com - Port:
587 - Username:
[email protected] - Password:
SeetheB123*
https://api.telegram.org/bot7630104122:AAEABFH2nh-7pDWQHSek3lcCkGIac1LjtbI/sendMessage?chat_id=6459222719
Targets
-
-
Target
cbe7e9223ef509a19630d66a57eaabbf33ee407ff449f4b01a81aa16f035541d
-
Size
29KB
-
MD5
7ec62db7a908e3e684d371c64667a125
-
SHA1
8bd28c87517a91e3693c72c35d3c53eee5bdcc86
-
SHA256
cbe7e9223ef509a19630d66a57eaabbf33ee407ff449f4b01a81aa16f035541d
-
SHA512
268083224399ed8043597d5c3cb18565b7fe76fd2839fecbd46ebb9f85b622776b65d9edb269a74b08c42f94886e27690ed93545d1d4923c06960a44678f0bc2
-
SSDEEP
384:6goSFVvDcHyICg5cvz6fo3Ek0kJzpYRydxh1T+Z8r/ELRj9kehjtcrV8+M:6gXDEC7Ww3EdadxhHG9kimV8+M
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Drops startup file
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-