Rewterz Threat Alert – Snake Keylogger’s Malware– Active IOCs

Severity

Medium

Analysis Summary

Snake is a modular .NET keylogger that was first spotted in late November 2020. Snake malware’s main feature is keylogging, but it also has additional capabilities such as taking screenshots and extracting data from the clipboard. Snake can also extract and exfiltrate data from browsers and email clients. 
Snake’s name was derived from strings found in its log files and string obfuscation code. Using the malware’s builder, a threat actor can select and configure desired features and then generate new payloads. For this reason, the capabilities of samples found in the wild can vary. 

Impact

• Credential Theft

Indicators of Compromise

MD5

• 961e1134c38666b5b66f4bd78806d47d
• 4503cc8f6ec76d080c93b3213ee04f03
• 5ecfa951459f2920fbcf87d261d2c172
• 0dd856f20f436aa64efe0beccae00e7e
• 51625928bfbb6fcb35837c35576edfe9

SHA-256

• 95f55666460d57d8189c71000cb03e0485884df2a3f922d4060682204a66aa87
• 52ea9c74febe9144a15c945f7b829e29c9295a353d69fc46ef9b0467944bec46
• 3b7bd3400b14a3c32cc1caae51dd966103dd88f49cb09c8e33a80a031b0f15ca
• 0425d2947e503a0b7cf466adb601f54c699d53597a8323ed20eb7b5583222dac
• 0bf20915664398e96f5ab93c46e022d4f712288d1af75a1d43beb3f4555bbbc

SHA-1

• 105d517ef75d9f3737fbd904cb31e58cfa873298
• 5bf9051d806a6de245cde8097f499d290886052d
• ecbbbba0359fab354c17f92e0468953ba85dd305
• 2070a47d8bb58c5011eced1f8b319068e90e0cac
• 972c79739b8a3ef152e66afdf6f1f78962a31887

Remediation

• Block all threat indicators at your respective controls.
• Search for IOCs in your environment