Date: 08/29/2024
Severity: High
Summary
The "Deep Analysis of Snake Keylogger’s New Variant" involves a detailed examination of a recent version of the Snake keylogger, a type of malicious software designed to capture keystrokes and sensitive information from infected devices. This analysis aims to uncover the new variant’s advanced features, techniques for evading detection, and its impact on cybersecurity. Insights from this analysis help in understanding how the keylogger operates, its potential threats, and strategies for defending against it.
Indicators of Compromise (IOC) List
Type | Indicator
URL/Domain | http://192.3.176.138/xampp/zoom/107.hta
URL/Domain | http://urlty.co/byPCO
URL/Domain | http://192.3.176.138/107/sahost.exe
Hash (SHA-256) | 484E5A871AD69D6B214A31A3B7F8CFCED71BA7A07E62205A90515F350CC0F723
Hash (SHA-256) | 8406A1D7A33B3549DD44F551E5A68392F85B5EF9CF8F9F3DB68BD7E02D1EABA7
Hash (SHA-256) | 6F6A660CE89F6EA5BBE532921DDC4AA17BCD3F2524AA2461D4BE265C9E7328B9
Hash (SHA-256) | 207DD751868995754F8C1223C08F28633B47629F78FAAF70A3B931459EE60714
Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection
Type | Query
URL/Domain | userdomainname like "http://192.3.176.138/xampp/zoom/107.hta" or url like "http://192.3.176.138/xampp/zoom/107.hta" or userdomainname like "http://urlty.co/byPCO" or url like "http://urlty.co/byPCO" or userdomainname like "http://192.3.176.138/107/sahost.exe" or url like "http://192.3.176.138/107/sahost.exe"
Hash (SHA-256) | sha256hash IN ("207DD751868995754F8C1223C08F28633B47629F78FAAF70A3B931459EE60714","484E5A871AD69D6B214A31A3B7F8CFCED71BA7A07E62205A90515F350CC0F723","8406A1D7A33B3549DD44F551E5A68392F85B5EF9CF8F9F3DB68BD7E02D1EABA7","6F6A660CE89F6EA5BBE532921DDC4AA17BCD3F2524AA2461D4BE265C9E7328B9")
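The same matching logic as the TDIR queries above, expressed as a standalone Python checker that can be run over exported log events before the Gurucul rules are deployed. This is an added example, not Gurucul's or Fortinet's code; it assumes events are dicts with `url`, `userdomainname` and `sha256hash` keys, reads the wildcard-free `like` as a case-insensitive substring test, and compares hashes case-insensitively because most logs emit lowercase hex while the list above is uppercase.

```python
from __future__ import annotations

# Indicators copied from the IOC list on this page.
IOC_URLS = (
    "http://192.3.176.138/xampp/zoom/107.hta",
    "http://urlty.co/byPCO",
    "http://192.3.176.138/107/sahost.exe",
)
IOC_SHA256 = {
    "484E5A871AD69D6B214A31A3B7F8CFCED71BA7A07E62205A90515F350CC0F723",
    "8406A1D7A33B3549DD44F551E5A68392F85B5EF9CF8F9F3DB68BD7E02D1EABA7",
    "6F6A660CE89F6EA5BBE532921DDC4AA17BCD3F2524AA2461D4BE265C9E7328B9",
    "207DD751868995754F8C1223C08F28633B47629F78FAAF70A3B931459EE60714",
}
# Compare hashes case-insensitively: the list above is uppercase, but most
# EDR and proxy logs emit lowercase hex, and a literal IN() would miss them.
_IOC_SHA256_LOWER = {h.lower() for h in IOC_SHA256}


def match_event(event: dict) -> list[str]:
    """Return the indicators one log event hits (empty list = no match).

    Mirrors the TDIR queries: `url` and `userdomainname` are checked
    against the URL indicators, `sha256hash` against the hash set.
    Assumption: `like` without wildcards is read as a case-insensitive
    substring test, so a trailing query string does not hide a hit.
    """
    hits: list[str] = []
    for field in ("url", "userdomainname"):
        value = str(event.get(field, "")).lower()
        hits.extend(ioc for ioc in IOC_URLS if value and ioc.lower() in value)
    sha = str(event.get("sha256hash", "")).strip().lower()
    if sha in _IOC_SHA256_LOWER:
        hits.append(sha.upper())
    return hits


def scan(events: list[dict]) -> list[tuple[int, list[str]]]:
    """Apply match_event to each event; return (index, hits) for matches only."""
    return [(i, h) for i, e in enumerate(events) if (h := match_event(e))]


# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = [
    {"url": "http://192.3.176.138/xampp/zoom/107.hta"},
    {"userdomainname": "http://urlty.co/byPCO?ref=mail"},
    {"sha256hash": "207dd751868995754f8c1223c08f28633b47629f78faaf70a3b931459ee60714"},
    {"url": "https://example.com/index.html", "sha256hash": "0" * 64},
]
MATCHES = scan(SAMPLE_EVENTS)  # events 0, 1 and 2 match; event 3 is clean
```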
Reference:
https://www.fortinet.com/blog/threat-research/deep-analysis-of-snake-keylogger-new-variant