General
-
Target
cb46f693cb4263f0c8832e56fe42d8dd0e1a5e8c70b102e20322a65b428df9ce.exe.sample.gz
-
Size
541KB
-
Sample
241021-g8658ssgrh
-
MD5
a184ceb82337cb48259e4594417ae7f1
-
SHA1
88663e30394466f8fb4a2f5f1f0efec1e3972105
-
SHA256
d5d02108a69c03e93f4072e65178ce941cf78401ca4c1babc52d94abcd41579d
-
SHA512
643dfbd99b46ef914c285c94599a7d8bcd8b5d7106c7afb41c1ecfeef7fd8c84e32f16ebaf4258f9048d0c848cd64133d5ef058e1fd1866ba0a63a9aaf122b4f
-
SSDEEP
12288:bc7k9MIyltiEiS6rv8jxN+9rQdeJdkRUM96wEBmnAexvArCI:bGk9pyDiEiSAvQ+9rQdAdkR96w91qrCI
Malware Config
Targets
-
-
Target
sample
-
Size
561KB
-
MD5
af04642d86b2e7e785a034d8fd4510bd
-
SHA1
82b4b45acdec6c64853c5d2c0df36c23026c2e73
-
SHA256
cb46f693cb4263f0c8832e56fe42d8dd0e1a5e8c70b102e20322a65b428df9ce
-
SHA512
762bcf964b6e9d693cd9984f84f1819fbd4a4924d0bb131157df8ac4b76a0df7113cd013a36230a2a726a7fdb2eb62338537e5c54bcbfa5b43934bc3190cb04c
-
SSDEEP
12288:vfAYXkhMOoltiJKeGrLW02pIGyuJdaRQMn6iE30nYjk7L:tkh5oDiJKe4f5QdaRj6ipgk7
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-