snakekeylogger | 18d86210ca1721632ee4a17030313ca4c9f60aa0657d83a6cc576b9889558eef | Triage

Submit
Reports

Static

static

Purchase_O...20.exe

windows7_x64

Purchase_O...20.exe

windows10_x64

Sharing

General

Target

Purchase_Order_11_19_20.exe
Size

715KB
Sample

201119-mjqrcb4cz2
MD5

e492155e4d4cab9522ef4144234c8069
SHA1

97694934fc9e0caf9efb751e687ca7290f79ff2d
SHA256

18d86210ca1721632ee4a17030313ca4c9f60aa0657d83a6cc576b9889558eef
SHA512

094a8f459e10e20540cd0fc2f4cc8445aa7ac1b720eed0636fb8baf24cdda39a3f7b20b2e8d964bc6f2f15fd95847d721e77a1056594cd0d5ccd907c76812217

Score

10^/10

snakekeylogger keylogger spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Purchase_Order_11_19_20.exe

Resource

win7v20201028

snakekeylogger keylogger stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Purchase_Order_11_19_20.exe

Resource

win10v20201028

snakekeylogger keylogger spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.zavidovici.ba
Port:
587
Username:
[email protected]
Password:
12Opc21!

Targets

- Target
  
  Purchase_Order_11_19_20.exe
- Size
  
  715KB
- MD5
  
  e492155e4d4cab9522ef4144234c8069
- SHA1
  
  97694934fc9e0caf9efb751e687ca7290f79ff2d
- SHA256
  
  18d86210ca1721632ee4a17030313ca4c9f60aa0657d83a6cc576b9889558eef
- SHA512
  
  094a8f459e10e20540cd0fc2f4cc8445aa7ac1b720eed0636fb8baf24cdda39a3f7b20b2e8d964bc6f2f15fd95847d721e77a1056594cd0d5ccd907c76812217
Score

10^/10

snakekeylogger keylogger stealer spyware
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerspywarestealer

© 2018-2024

Terms | Privacy