General
-
Target
(appproved)WJO-TT180,pdf.exe
-
Size
812KB
-
Sample
210223-nb3ctb5w42
-
MD5
e47851c94fdefd958cfe16af2af3661a
-
SHA1
7e027a9fadf5f4d9c1bb65c68db34cc5318353b0
-
SHA256
92244ef8477d782361d87f7571458bccf8de2af4cccfd738bde234d91216fbe3
-
SHA512
69d1a380c186752263b5a64828551f5f2dda0ed327145bcdd537fbce1d07795b5dc52a7e0a07f8a64fda7b5dab33a64096c60c6b5ad7191186c25f33c08cb10d
Malware Config
Targets
-
-
Target
(appproved)WJO-TT180,pdf.exe
-
Size
812KB
-
MD5
e47851c94fdefd958cfe16af2af3661a
-
SHA1
7e027a9fadf5f4d9c1bb65c68db34cc5318353b0
-
SHA256
92244ef8477d782361d87f7571458bccf8de2af4cccfd738bde234d91216fbe3
-
SHA512
69d1a380c186752263b5a64828551f5f2dda0ed327145bcdd537fbce1d07795b5dc52a7e0a07f8a64fda7b5dab33a64096c60c6b5ad7191186c25f33c08cb10d
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger Payload
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-