General
-
Target
905f74fb158b50341e6dc710a60dad37.exe
-
Size
11KB
-
Sample
210928-gh17asaff3
-
MD5
905f74fb158b50341e6dc710a60dad37
-
SHA1
b54645bb347a4c76d73f2ff0e46aa4bd9b010ae0
-
SHA256
e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335
-
SHA512
930d2133a759bbb634d9cb2860dbc7ce03215d68ea46d396d6eb1d6484c5a2104bec21a0d873e831f1f5f218e1fa44c1dbaef57fdf27fb8b66e57bea929abcf7
Malware Config
Extracted
snakekeylogger
Protocol: ftp- Host:
ftp://ftp.servicoscisi.shop/ - Port:
21 - Username:
snaky@servicoscisi.shop - Password:
Light1988@
Targets
-
-
Target
905f74fb158b50341e6dc710a60dad37.exe
-
Size
11KB
-
MD5
905f74fb158b50341e6dc710a60dad37
-
SHA1
b54645bb347a4c76d73f2ff0e46aa4bd9b010ae0
-
SHA256
e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335
-
SHA512
930d2133a759bbb634d9cb2860dbc7ce03215d68ea46d396d6eb1d6484c5a2104bec21a0d873e831f1f5f218e1fa44c1dbaef57fdf27fb8b66e57bea929abcf7
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Downloads MZ/PE file
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-