General
-
Target
6489c2a2edb54bb6564df9cb218edf05.bin
-
Size
541KB
-
Sample
241024-btj49szhkj
-
MD5
c803663a880271193e2538411a19a362
-
SHA1
05623b108bdbc78f8b2099ed7913dd98c62288b4
-
SHA256
36d35f3f07fd6cd2d4b43ff938773c5a1125d5788d48bbebdddbde43cfd79a50
-
SHA512
c03eae537e50bfe3cb4a5b66908952ada402ab75fe48a82559d8eb9fddad5443d52303c3bfca71d0f4dcd648e758c1a05d778c365c158d7de21cce8acb2854f5
-
SSDEEP
12288:Kz0mVjLonNXKZhnElw0CQGTFViWq/ZPMlbvaQVgeVhGN0qyWZ:K3VjLonwrnEvcGZjQVgeVhmSWZ
Malware Config
Targets
-
-
Target
3af41da6cc3321fb4954e35e6f2f13ed7c2cc547f43eb1b9a2cfd4ed9d38c344.exe
-
Size
560KB
-
MD5
6489c2a2edb54bb6564df9cb218edf05
-
SHA1
cf9ea9f4973f9b438f9dedbec8a714b78611c84b
-
SHA256
3af41da6cc3321fb4954e35e6f2f13ed7c2cc547f43eb1b9a2cfd4ed9d38c344
-
SHA512
7ab3e215ff9d8330bac168e5f60fd91e270ebbcd4fab027e2bc749d6fd7966a56a495daf9113e550830ec4ca66543c2de22fef363bdc9fa66ffe356d8976feb6
-
SSDEEP
12288:yfAgXkhMOoltiJirLMW6diPxsElSiiGiLaD8Lbu:wkh5oDiJgLMWtxIaD8H
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-