#SnakeKeylogger
bf03d9b7526fa27b76b4c53bda49190d
->Quote order -76567.msg
->d0987654345678SJ0.pdf. zIP
->d0987654345678SJ0.exe
2023-01-02 (Monday): from info I posted at https://twitter.com/malware_traffic/status/1609964048824647681
This is the first malware sample I've looked into for 2023!
#SnakeTracker sample at https://bazaar.abuse.ch/sample/c0e8dcf4096de51fec0709a1e6778923be7f5320389e38cf6b93965ef4daa904
Interesting (to me) data exfiltration over SMTP, similar to what I've seen before with #AgentTesla, but this looks specific to the #SnakeTracker family.
Malware Bazaar tagged this as #SnakeKeyLogger, but I didn't let this run long enough to get any actual keylogging. Based on what I'm seeing, it calls itself "Snake Tracker" instead of Snake Key Logger.
#SnakeKeylogger
-> Request for Quote UNIVERSAL BANGKOK - UBK O0202 RF22.msg
->Purchase Order#2615-547235.doc
->bolingoh58317.exe
24a9dfaa232d36c55f60f9c14d69c322