General
-
Target
a498c70735258e7cb2204d02d81d5d2f31c266da60231dc50857c4267b4f48c1.exe
-
Size
610KB
-
Sample
241024-c5awea1bjf
-
MD5
2144b1c24a7ff469c8f2b9a7a97343ac
-
SHA1
3616325db9ac7ad66793a38e3fa29d86faa0d3ca
-
SHA256
a498c70735258e7cb2204d02d81d5d2f31c266da60231dc50857c4267b4f48c1
-
SHA512
bc7cf9a22b854ccada8638e8fe26bf01c633d03be2caa927867df9940f075d0aed147349a6db1d93e833cb96e83561d91349bcded509df0d38a97b60765dcae1
-
SSDEEP
12288:SuqGY9wn8lISIgt6M177MgRudvlE9neaw:5M7l9tSdva5
Malware Config
Targets
-
-
Target
a498c70735258e7cb2204d02d81d5d2f31c266da60231dc50857c4267b4f48c1.exe
-
Size
610KB
-
MD5
2144b1c24a7ff469c8f2b9a7a97343ac
-
SHA1
3616325db9ac7ad66793a38e3fa29d86faa0d3ca
-
SHA256
a498c70735258e7cb2204d02d81d5d2f31c266da60231dc50857c4267b4f48c1
-
SHA512
bc7cf9a22b854ccada8638e8fe26bf01c633d03be2caa927867df9940f075d0aed147349a6db1d93e833cb96e83561d91349bcded509df0d38a97b60765dcae1
-
SSDEEP
12288:SuqGY9wn8lISIgt6M177MgRudvlE9neaw:5M7l9tSdva5
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-