General
-
Target
4b6a9daefc35a680c726bede57b9a1e7.bin
-
Size
841KB
-
Sample
240705-b4jw9azanm
-
MD5
4e1fa05b588ff05475076bed92af66e2
-
SHA1
4e20bcaccf780a837e9a720025e1c45776fa4cd1
-
SHA256
d584b7069ec337044e57af66df7c2e6d70e2542993307d9a335d4861091f9c47
-
SHA512
1afc8990f431e9e21711941cb8795eb4b4ef7ec6a1c2b96a28b4c9f1ae409dac35402c36a1261068fe1ae51b6c4edba0a351bb5e3b8e94af642f82483964a476
-
SSDEEP
24576:+sNeTAEUCiH3W4MNwlD2MpIvURWWXIosOFMjtWbgDtAZD:UUEUpHIqYvOt9lFM0bgDtm
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.myanmarblossom.com - Port:
587 - Username:
[email protected] - Password:
tsa211772023kyi - Email To:
[email protected]
http://103.130.147.85
Targets
-
-
Target
f4950f52673c4a9fc9a369228ba52f417038fcbba3901245921ba8a68fba5a6b.exe
-
Size
881KB
-
MD5
4b6a9daefc35a680c726bede57b9a1e7
-
SHA1
75f1c17dcb8d7d07aba3de32e432a198432fd65b
-
SHA256
f4950f52673c4a9fc9a369228ba52f417038fcbba3901245921ba8a68fba5a6b
-
SHA512
f3d4d1872ce0e9e75ab82c218dd5ee1b4dad80f1b0b92f79e1338cffa9acffacabe7646e9db1a206fa5715c8d6ad872a562957bf8e46264f9e2acbf7106aeb16
-
SSDEEP
12288:mx4DpIngdgIMVJwhIF6A1fUiMxwsVc481bBg4/DnoOVTBkFuVclJ/cocNboPhAMh:ld0G46AVUi2mXwOeldNcNsJR7SJw
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-