
Cybercrime, strange SnakeKeylogger campaign from Pakistan

Technical analysis by the Malware Hunter JAMESWT

Strange SnakeKeylogger campaign from Pakistan. The email's lzh attachment contains a zip disguised as a bat file. Opening it requires a password: the name of the exe inside, which is the malware itself.

A fake email from a company in Pakistan conveys a strange global SnakeKeylogger campaign.

The compressed attachment, in lzh format, contains a bat file. This, however, is actually a zip which, when unpacked, asks for a password. The password is the name of the executable inside, the malware itself, but it is not given anywhere in the message text.
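The delivery chain described above rests on a file whose extension (.bat) does not match its real format (a zip), plus a password-protected entry whose file name is still readable in clear, since standard zip encryption protects only entry contents, not the central directory or local headers. The following Python triage routine, added here as an example and not part of the original article or of JAMESWT's analysis, flags that extension/magic mismatch and lists the encrypted entries of such a file. It builds its own constructed sample (a zip written to a ".bat" name, with the encryption flag bit set by hand and a placeholder entry name) so it runs offline; the entry name and all findings are constructed, not indicators from the campaign.

```python
import io
import struct
import zipfile

ZIP_MAGIC = b"PK\x03\x04"          # local file header signature as raw bytes
LOCAL_HEADER_SIG = 0x04034B50      # same signature as a little-endian integer
SCRIPT_EXTENSIONS = (".bat", ".cmd")

def detect_mismatch(filename: str, data: bytes) -> bool:
    """True when a file named like a Windows batch script actually starts with a ZIP signature."""
    looks_like_script = filename.lower().endswith(SCRIPT_EXTENSIONS)
    return looks_like_script and data[:4] == ZIP_MAGIC

def zip_entries(data: bytes):
    """Walk the local file headers of a zip and return (name, encrypted) per entry.

    Entry names are read directly from the headers: they are never encrypted by
    classic ZipCrypto, which is why a password-protected archive still reveals
    what it carries. Walking stops at the first non-local-header signature
    (normally the central directory).
    """
    entries = []
    off = 0
    while off + 30 <= len(data):
        (sig, _ver, flags, _method, _mtime, _mdate, _crc,
         csize, _usize, nlen, xlen) = struct.unpack("<IHHHHHIIIHH", data[off:off + 30])
        if sig != LOCAL_HEADER_SIG:
            break
        name = data[off + 30:off + 30 + nlen].decode("utf-8", "replace")
        entries.append((name, bool(flags & 0x1)))   # bit 0 = entry is encrypted
        if flags & 0x8:
            # bit 3 = sizes live in a trailing data descriptor, so csize here is
            # unreliable; stop rather than mis-parse (assumption: good enough for triage)
            break
        off += 30 + nlen + xlen + csize
    return entries

def triage(filename: str, data: bytes):
    """Return human-readable findings for one attachment (constructed wording)."""
    findings = []
    if detect_mismatch(filename, data):
        findings.append(f"extension/magic mismatch: {filename} is a ZIP archive")
        for name, encrypted in zip_entries(data):
            if encrypted:
                findings.append(f"encrypted entry: {name}")
            if name.lower().endswith(".exe"):
                findings.append(f"executable inside archive: {name}")
    return findings

def build_sample() -> bytes:
    """Construct a sample: a stored zip with one placeholder .exe entry, encryption bit forced on.

    Python's zipfile cannot write encrypted archives, so the general-purpose
    flag of the first local header (offset 6) is patched by hand. The payload
    bytes are a placeholder, not an executable.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("payload_PLACEHOLDER.exe", b"MZ placeholder, not a real executable")
    data = bytearray(buf.getvalue())
    flags = struct.unpack_from("<H", data, 6)[0]
    struct.pack_into("<H", data, 6, flags | 0x1)
    return bytes(data)

if __name__ == "__main__":
    sample = build_sample()
    for line in triage("invoice.bat", sample):
        print(line)
    # A genuine batch file produces no findings
    print(triage("cleanup.bat", b"@echo off\r\ndel /q temp\r\n"))
```

In a mail gateway or sandbox pipeline the same two checks (magic bytes versus claimed extension, and the encryption flag in zip headers) are cheap to run on every extracted attachment, and an lzh-inside-zip-inside-bat nesting like the one in this campaign would trip both before any password is needed.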

Its convoluted delivery chain makes it barely dangerous for users, even the less experienced ones. There are two hypotheses in this regard: either the cybercrime actors made mistakes in setting it up, or the goal was not to infect the victims. The criminals may instead want to test both the malware's ability to evade anti-virus systems and whether the message is actually opened and read by the targets.

Malware’s C2
