Rewterz Threat Alert – Donot APT Group – Active IOCs
May 30, 2022Rewterz Threat Alert – XLoader Malware – Active IOCs
May 30, 2022Rewterz Threat Alert – Donot APT Group – Active IOCs
May 30, 2022Rewterz Threat Alert – XLoader Malware – Active IOCs
May 30, 2022Severity
Medium
Analysis Summary
Snake is a modular .NET keylogger and credential stealer first spotted in late November 2020. Since then, new campaigns spreading this malware have been seen almost daily. Snake’s name was derived from strings found in its log files and string obfuscation code. Using the malware’s builder, a threat actor can select and configure desired features then generate new payloads. For this reason, the capabilities of samples found in the wild can vary. Analysing Snake reveals that it is a comprehensive keylogger and data stealer.
Impact
- Credential Theft
Indicators of Compromise
MD5
2f128134cacab4e4b78536da780f954d
6a8b336736fbb267032ac5afd6426f9b
SHA-256
f5893287478488bff118b8dc31bc8ebac1f7c6fc755534c4072072ea667a1840
d4edb1acc2e1f9f4a22a7e82d69d27a58028f12b6e9a3df7625e0ef8895b3fa6
SHA-1
dff60b4f14fec9b0cef3e108f4bed86fefb5fd88
2305463c4b3d0ca9827599f1882ef12761da24e2
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment