BLOG CERT SOGETI ESEC

Briefing Malware - 21/09/2021

21st of September 2021 - Winners of the 38th week: Redline, NjRAT and Raccoon.

Some links point to extended actionable intelligence (threat bulletins, TTPs, signatures, etc.) on our Threat Intelligence Platform, Anomali. This access is limited to our clients.


Threat statistics report

Publication date: 21/09/2021

Distribution: TLP:WHITE

What's new?

Snake(NC)

Another "Quotation"-themed SnakeKeylogger campaign

A worldwide Snake Keylogger campaign has been detected by @JAMESWT. The email, named "Quotation", carries an LZH archive attachment with an EXE inside. Running that binary deploys the keylogger itself, which collects the victim's sensitive data before sending it out over SMTP. SnakeKeylogger, also known as 404KeyLogger and first released in 2019 on a Russian forum, is a subscription-based keylogger and data stealer. Its main capability is logging keystrokes, but it also extracts personal and sensitive information such as web browser data (credential databases, saved credit cards, ...), takes screenshots and captures clipboard contents. SnakeKeyLogger sells for 25 to 500 USD on underground forums, the price covering the malware itself and associated services. Its usual exfiltration channels are email (SMTP), FTP, Pastebin or Telegram. A recent analysis by HP Threat Research reports that five keylogger families active over the last two years are likely derived from the same code base.


https://www.difesaesicurezza.com/areariservatacat/cybercrime-torna-la-campagna-snakekeylogger-a-tema-quotation/
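The lure described above is an email with an LZH archive attachment that hides an EXE. As an added triage example (not code from the CERT briefing, from @JAMESWT or from HP Threat Research), the Python below pulls attachments out of a message, recognises LZH by its "-lh?-" method field, walks the archive headers (level 0 and level 2 only, which is what current LHA tools write; level 1 is rejected) and flags members that either carry an executable extension or, when stored uncompressed with the -lh0- method, start with the PE "MZ" magic. The message, the archive and the "PE" payload are all constructed in the block so it runs offline; the field offsets follow the public LHA header format, and the CRC16 and timestamps are not validated.

```python
import email
import struct
from email.message import EmailMessage
from email.policy import default

# Extensions Windows will execute directly once the member is extracted and double-clicked.
EXEC_EXTENSIONS = (b".exe", b".scr", b".com", b".pif", b".bat", b".cmd", b".js", b".vbs")

# Constructed stand-in for a PE file (MZ stub whose e_lfanew points at "PE\0\0"); not a real binary.
FAKE_PE = b"MZ" + bytes(58) + struct.pack("<I", 64) + b"PE\0\0" + bytes(20)


def build_lzh(name: bytes, data: bytes, level: int = 0) -> bytes:
    """Constructed sample: one member stored uncompressed (-lh0-) behind a level-0
    or level-2 LZH header. Timestamp and CRC16 are zeroed; the parser ignores them."""
    sizes = struct.pack("<II", len(data), len(data))          # packed size, original size
    if level == 0:
        body = b"-lh0-" + sizes + bytes(4) + bytes([0x20, 0, len(name)]) + name + bytes(2)
        header = bytes([len(body), sum(body) & 0xFF]) + body  # header size byte + checksum byte
    else:
        body = b"-lh0-" + sizes + bytes(4) + bytes([0x20, 2]) + bytes(2) + b"M"  # CRC16, OS id
        ext = struct.pack("<H", 3 + len(name)) + b"\x01" + name + bytes(2)       # 0x01 = filename header
        header = struct.pack("<H", 2 + len(body) + len(ext)) + body + ext
    return header + data + b"\x00"                            # a 0x00 size byte ends the archive


def lzh_members(blob: bytes):
    """Yield (name, method, stored_bytes) for each member of an LZH archive."""
    pos = 0
    while pos + 21 < len(blob) and blob[pos] != 0:
        method = blob[pos + 2:pos + 7]
        if method[:2] != b"-l" or method[4:5] != b"-":
            raise ValueError("not an LZH header")
        comp_size = struct.unpack_from("<I", blob, pos + 7)[0]
        level = blob[pos + 20]
        if level == 0:                                        # filename sits in the base header
            hdr_len = blob[pos] + 2
            name = blob[pos + 22:pos + 22 + blob[pos + 21]]
        elif level == 2:                                      # filename sits in an extended header
            hdr_len = struct.unpack_from("<H", blob, pos)[0]
            name, p = b"", pos + 24
            while True:
                ext_size = struct.unpack_from("<H", blob, p)[0]
                if ext_size == 0:
                    break
                if blob[p + 2] == 0x01:
                    name = blob[p + 3:p + ext_size]
                p += ext_size
        else:
            raise ValueError(f"unsupported LZH header level {level}")
        yield name, method, blob[pos + hdr_len:pos + hdr_len + comp_size]
        pos += hdr_len + comp_size


def executable_members(archive: bytes):
    """Return (name, method, by_name, by_magic) for members that look executable."""
    hits = []
    for name, method, data in lzh_members(archive):
        by_name = name.lower().endswith(EXEC_EXTENSIONS)
        # Only a stored (-lh0-) member exposes its bytes; -lh5-/-lh7- would need inflating first.
        by_magic = method == b"-lh0-" and data[:2] == b"MZ"
        if by_name or by_magic:
            hits.append((name.decode("latin-1"), method.decode("ascii"), by_name, by_magic))
    return hits


def triage_message(raw: bytes):
    """Return [(attachment, member, reason)] for LZH attachments carrying executables."""
    msg = email.message_from_bytes(raw, policy=default)
    findings = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        fname = part.get_filename() or ""
        # Check the method-ID magic as well as the name: renaming the archive is free for the attacker.
        if not (fname.lower().endswith((".lzh", ".lha")) or payload[2:4] == b"-l"):
            continue
        for member, _method, by_name, _by_magic in executable_members(payload):
            reason = "executable extension" if by_name else "PE magic in stored member"
            findings.append((fname, member, reason))
    return findings


def build_sample_message(level: int = 0) -> bytes:
    """Constructed lure shaped like the 'Quotation' campaign; addresses are placeholders."""
    msg = EmailMessage()
    msg["From"] = "sales@example.invalid"
    msg["To"] = "victim@example.invalid"
    msg["Subject"] = "Quotation"
    msg.set_content("Please find attached our quotation.")
    msg.add_attachment(build_lzh(b"Quotation.exe", FAKE_PE, level),
                       maintype="application", subtype="octet-stream", filename="Quotation.lzh")
    return msg.as_bytes()


if __name__ == "__main__":
    for hit in triage_message(build_sample_message()):
        print("%s -> %s (%s)" % hit)
```

A member stored with -lh0- is the easy case; a real sample compressed with -lh5- or -lh7- only yields its name from the header, so the "MZ" check then belongs after extraction in a sandbox. Extending the same walk to report the declared original size against the packed size is a cheap way to spot padded binaries that try to exceed scanner size limits.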

