General
-
Target
z17Mz7zumpwTUMRxyS.exe
-
Size
678KB
-
Sample
241031-wcetfatkcq
-
MD5
337574f09ff0a772aedbd6f7c2064496
-
SHA1
f24b5b9369763cc23758407fa1729294750d8e5e
-
SHA256
96bfa7096fb76234a5774f70dc444d719c7553ac83db00fdbb04c1eec318d4c4
-
SHA512
2cf83e21895266cf05e65bc4934c09c8aba59fe9a1db62b07ec2dd4e463d5a4555d46c1e1ae74447c7c5e120885d72027ec763fb32634ba63441ef9e519d3d26
-
SSDEEP
12288:tn9Inte+7jOOIQ7vCSfm5F28BaaiR+fzszuSFtQhU1atc2/Q4AyrrRPdw:tK7tIS8QaikfgqSFtcUUa2o4JPd
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot7733074716:AAHPqUDZNcrQPzH_G03x5ppIOnkxZuz-Nyk/sendMessage?chat_id=7337843299
Targets
-
-
Target
z17Mz7zumpwTUMRxyS.exe
-
Size
678KB
-
MD5
337574f09ff0a772aedbd6f7c2064496
-
SHA1
f24b5b9369763cc23758407fa1729294750d8e5e
-
SHA256
96bfa7096fb76234a5774f70dc444d719c7553ac83db00fdbb04c1eec318d4c4
-
SHA512
2cf83e21895266cf05e65bc4934c09c8aba59fe9a1db62b07ec2dd4e463d5a4555d46c1e1ae74447c7c5e120885d72027ec763fb32634ba63441ef9e519d3d26
-
SSDEEP
12288:tn9Inte+7jOOIQ7vCSfm5F28BaaiR+fzszuSFtQhU1atc2/Q4AyrrRPdw:tK7tIS8QaikfgqSFtcUUa2o4JPd
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Snakekeylogger family
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-