A zip attachment contains a img with an exe: the malware. The other, a pdf downloading a zip with an exe: the same malware. The data is exfiltrated via SMTP.
Cybercrime, second consecutive day for SnakeKeylogger via Garanti BBVA
Second consecutive day for SnakeKeylogger via Garanti BBVA. The email changes the text and the compressed attachment. Inside, however, there is an exe with the same malware and the stolen data is exfiltrated via Telegram Api to the same C2
Second consecutive day for the SnakeKeylogger campaign via Garanti BBVA, which changes the text of the email and attachment.
This becomes a z-compressed file, with an exe inside: the malware. The stolen files are then exfiltrated via Telegram API, through the same C2 as yesterday’s message.
SnakeKeylogger is an infostealer that can acquire information via various methods.