General
-
Target
29122024_0210_25122024_SV0987780P1.z
-
Size
461KB
-
Sample
241229-clxaasyphs
-
MD5
d41be215f86c58708623952a17377941
-
SHA1
0e8bd6f0f36f76ecd3277964fb3c4edd42db4421
-
SHA256
6bb5f1be49887fccdbafbb15cfb3f26f0c6b48611d71a19a6995a0f04c410411
-
SHA512
cb7d0430cb0fd1c8426a9f12257b64747ad99804348846251013298246dc8ae9d597ae5afd50d5808fcd1b3b56a9d053bfd2c2431173f9960b49fd66619670d5
-
SSDEEP
12288:I5fbSAuPjxMMNnWWpFkSP+mQLvxGLbn9gdQCqhWvDj:IBbK9XvkSSYJgzvDj
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.daipro.com.mx - Port:
587 - Username:
[email protected] - Password:
DAIpro123** - Email To:
[email protected]
https://scratchdreams.tk
Targets
-
-
Target
SV0987780P1.exe
-
Size
760KB
-
MD5
172b3f98d777d8ea6f5a274d31e5d391
-
SHA1
1c4484f95a1cf6c5be8b753d2d16367f36ce0a04
-
SHA256
c348a5e7125bee1e35b518e6e429e8332f8d867de3d3807a92cfbd850912c3c0
-
SHA512
7fa8ec59586356640c3bdf2d6db6df0d51e8be85e42e67e20458d5f2de15054e60c5b766ca15b19e9dde6cfff303ac686d729c9d0fe5c70f05276231d93a9c81
-
SSDEEP
12288:rLkcoxg7v3qnC11ErwIhh0F4qwUgUny5QLGdQIqhWz27:ffmMv6Ckr7Mny5QLGdz27
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Snakekeylogger family
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-