jnrknow.blogg.se

Comodo dragon settings execution showing memory error







Fortinet’s FortiGuard Labs recently captured a Microsoft Excel sample from the wild that was used to spread malware. After researching its behaviors, I recognized it as a fresh variant of the Snake Keylogger malware. Snake Keylogger is a malware developed using. It first appeared in late 2020 and focused on stealing sensitive information from a victim’s device, including saved credentials, the victim’s keystrokes, screenshots of the victim’s screen, and clipboard data. In July 2021, Snake Keylogger first entered a TOP 10 popular malware families report, meaning that the Snake Keylogger family is increasing its influence and impacting more people’s devices and sensitive data.

In this threat research blog you will learn how the Snake Keylogger variant is downloaded and executed through a captured Excel sample, what techniques this variant uses to protect itself from being analyzed, what sensitive information it steals from a victim’s machine, and how it submits that collected data to the attacker.

Impact: Collects sensitive information from victims’ devices

What the Captured Microsoft Excel Sample Looks Like

This Excel sample, delivered as an attachment in a phishing email, contains malicious VBA macro code. Figure 1.1 shows a screenshot of when it is opened. It displays a vague picture of a document and asks the victim to click the yellow button to get a clearer image.

Twenty-one seconds later, the downloader then invokes a function called “Consturctor()”, as you can see in Figure 2.1. It then invokes another function, “Program.List_Types()”, where it downloads the Snake Keylogger module from the link “hxxps//store2gofileio/download/0283e6ba-afc6-4dcb-b2f4-3173d666e2c4/Huzeigtmvaplpinhoo.dll”, which is an RC4-encrypted DLL file. Next, it calls the “ToRc()” function to RC4-decrypt it using the decryption key "Dllzjn". It then proceeds to load the decrypted DLL module (a.
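For analysts who need to unpack such a quarantined payload statically instead of running the downloader, the RC4 step described above can be reproduced offline. This is an added example, not code from the original analysis or from the malware; it assumes standard RC4 with the key taken as ASCII bytes, and the function names and the embedded sample are constructed for illustration.

```python
import struct

RC4_KEY = b"Dllzjn"  # key quoted in the text; ASCII encoding is an assumption


def rc4(key: bytes, data: bytes) -> bytes:
    """Standard RC4: key scheduling, then XOR the data with the keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def looks_like_pe(blob: bytes) -> bool:
    """True if blob starts with 'MZ' and e_lfanew points at 'PE\\0\\0'."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", blob, 0x3C)
    return blob[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def decrypt_stage(encrypted: bytes, key: bytes = RC4_KEY) -> bytes:
    """Decrypt a quarantined payload; reject output that is not a PE image."""
    plain = rc4(key, encrypted)
    if not looks_like_pe(plain):
        raise ValueError("decrypted data is not a PE image (wrong key or cipher?)")
    return plain


def make_constructed_sample() -> bytes:
    """Constructed stand-in for the downloaded file: an encrypted fake PE stub."""
    stub = bytearray(0x80)
    stub[:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x40)  # e_lfanew -> offset 0x40
    stub[0x40:0x44] = b"PE\x00\x00"
    return rc4(RC4_KEY, bytes(stub))


if __name__ == "__main__":
    dll = decrypt_stage(make_constructed_sample())
    print(f"decrypted {len(dll)} bytes, header {dll[:2]!r}")
```

The PE header check doubles as a sanity test on the key: if a sample's output fails it, the variant is using a different key or cipher than the one described here.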








