General
-
Target
3af41da6cc3321fb4954e35e6f2f13ed7c2cc547f43eb1b9a2cfd4ed9d38c344
-
Size
560KB
-
Sample
241204-v7njdsylfl
-
MD5
6489c2a2edb54bb6564df9cb218edf05
-
SHA1
cf9ea9f4973f9b438f9dedbec8a714b78611c84b
-
SHA256
3af41da6cc3321fb4954e35e6f2f13ed7c2cc547f43eb1b9a2cfd4ed9d38c344
-
SHA512
7ab3e215ff9d8330bac168e5f60fd91e270ebbcd4fab027e2bc749d6fd7966a56a495daf9113e550830ec4ca66543c2de22fef363bdc9fa66ffe356d8976feb6
-
SSDEEP
12288:yfAgXkhMOoltiJirLMW6diPxsElSiiGiLaD8Lbu:wkh5oDiJgLMWtxIaD8H
Malware Config
Targets
-
-
Target
3af41da6cc3321fb4954e35e6f2f13ed7c2cc547f43eb1b9a2cfd4ed9d38c344
-
Size
560KB
-
MD5
6489c2a2edb54bb6564df9cb218edf05
-
SHA1
cf9ea9f4973f9b438f9dedbec8a714b78611c84b
-
SHA256
3af41da6cc3321fb4954e35e6f2f13ed7c2cc547f43eb1b9a2cfd4ed9d38c344
-
SHA512
7ab3e215ff9d8330bac168e5f60fd91e270ebbcd4fab027e2bc749d6fd7966a56a495daf9113e550830ec4ca66543c2de22fef363bdc9fa66ffe356d8976feb6
-
SSDEEP
12288:yfAgXkhMOoltiJirLMW6diPxsElSiiGiLaD8Lbu:wkh5oDiJgLMWtxIaD8H
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Snakekeylogger family
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-