General
-
Target
cf373d59d88f1f5ef32f5a9f9c39d00cab9d6befc520a851f22580b7b875085b.exe
-
Size
1.7MB
-
Sample
240627-b23xcawcje
-
MD5
f0a7781c9a02f82dbf8da76b84ca87fc
-
SHA1
d06d67bb9d00f66d0517ffd9d32c703f00b33640
-
SHA256
cf373d59d88f1f5ef32f5a9f9c39d00cab9d6befc520a851f22580b7b875085b
-
SHA512
c8eab7b5c6c1d21ac47764ec978fe5b12260fc3f8d4a57a5939bc5d7e0707eee03c1631e1945087d200974e9b0fb621ca739596af9ecf28b47b430b21b0a1beb
-
SSDEEP
49152:vOD+bTI6YTDml4HJPHDQkOBU0f9iygcrxZ3aU5ZqIrRo2ht1N1avkoU:uv85H
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.speedhouseoman.com - Port:
587 - Username:
[email protected] - Password:
SpH@0084
Targets
-
-
Target
cf373d59d88f1f5ef32f5a9f9c39d00cab9d6befc520a851f22580b7b875085b.exe
-
Size
1.7MB
-
MD5
f0a7781c9a02f82dbf8da76b84ca87fc
-
SHA1
d06d67bb9d00f66d0517ffd9d32c703f00b33640
-
SHA256
cf373d59d88f1f5ef32f5a9f9c39d00cab9d6befc520a851f22580b7b875085b
-
SHA512
c8eab7b5c6c1d21ac47764ec978fe5b12260fc3f8d4a57a5939bc5d7e0707eee03c1631e1945087d200974e9b0fb621ca739596af9ecf28b47b430b21b0a1beb
-
SSDEEP
49152:vOD+bTI6YTDml4HJPHDQkOBU0f9iygcrxZ3aU5ZqIrRo2ht1N1avkoU:uv85H
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables referencing many email and collaboration clients. Observed in information stealers
-
Detects executables with potential process hoocking
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-