General
-
Target
FOB offer_1164087223_I0133P2100363812.PDF.exe
-
Size
3.2MB
-
Sample
210223-ej444gcqjj
-
MD5
b10eafcd59bf5d8b5fcaea7175343da7
-
SHA1
ba5b3ade8e66f73650eb50ec3ca78695e215e4e9
-
SHA256
e2a36e86351414834625d38ab44ba38de9195a28ab9b4445696c98f80fef9e09
-
SHA512
a2f30966dcd4e5f0ba8bd6f8bde00b3b0b5904a24ecd60a2e15c69bb73ddbc9b74c3a906400558958f41cc85bb6956f029261551ed3806828e27fd0aace8b556
Malware Config
Targets
-
-
Target
FOB offer_1164087223_I0133P2100363812.PDF.exe
-
Size
3.2MB
-
MD5
b10eafcd59bf5d8b5fcaea7175343da7
-
SHA1
ba5b3ade8e66f73650eb50ec3ca78695e215e4e9
-
SHA256
e2a36e86351414834625d38ab44ba38de9195a28ab9b4445696c98f80fef9e09
-
SHA512
a2f30966dcd4e5f0ba8bd6f8bde00b3b0b5904a24ecd60a2e15c69bb73ddbc9b74c3a906400558958f41cc85bb6956f029261551ed3806828e27fd0aace8b556
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger Payload
-
Beds Protector Packer
Detects Beds Protector packer used to load .NET malware.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-