General
-
Target
30062024_0223_29062024_new order.zip
-
Size
294KB
-
Sample
240630-ct5xeawclk
-
MD5
4266c5d22188aeca59a0239b2e00c7fa
-
SHA1
9d99bd35d9eade3efd48c0a625ed192f3c34168b
-
SHA256
59adf3a83ab785cdf2959b4b545338ecc8ccbaa48bee744230e620a20d5fe8de
-
SHA512
92b75848bf4f05bb234e223ab710cdf38282c660254a5dacf8ead1720a4a9e9f9aa16f4079473becdde412e61669d514fb093b8a05b524717eeb0c9d092a08d0
-
SSDEEP
6144:bLXMN5BdZLZnubFUH9M2h3cVXStfVPXijYH1cHPIFUw:nXMBdruSH97AitFpH1EgFUw
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
valleycountysar.org - Port:
26 - Username:
[email protected] - Password:
fY,FLoadtsiF
Targets
-
-
Target
new order.exe
-
Size
482KB
-
MD5
01c1bc3aa16ddb58b7d0fd28a723251f
-
SHA1
782bfcfcf7f66a98c280a9a39d852f6e238a0478
-
SHA256
da6b0f4662ab7c277189dafa7f323551c54982b2d54466feefc27d83a3c90e3c
-
SHA512
ecf618c120de072bf747ad3e45dc872b3dcd2e58cdc7dbf2bb1816d5560c9ea168ce968e99b09f126a17290e5bd37b5bf5c6f61a82e5008c0723478eeff2da50
-
SSDEEP
6144:wXuAPKbOs/ASmh4okC/fLWt+MJLwVXSGN8hOCXODNlPK5HFTkXkX9I8:wXuBV/FmaorLWtzCiyNQl
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-