Overview

overview

10

Static

static

0000000000...00.exe

windows7_x64

10

0000000000...00.exe

windows10_x64

10

Analysis

  • max time kernel
    108s
  • max time network
    109s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    18-01-2021 18:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    000000000009000000.exe

  • Size

    2.0MB

  • MD5

    461c2f7a18021fc7dacfc9b56a0e7f23

  • SHA1

    beb1a5817802137d5a59aa901670a87590a7b02c

  • SHA256

    0d5b8fae3f5a14d0cccf3e1390d1d1bb8e7a5f09a34d77a7239a359cff80404e

  • SHA512

    4ec980338e4c2cc3a71cb8a6a663682e5aa595b0aebabb040ae72cc4c00d7c970b8f9acb9e189e9da67ef27163309f72f2e1cfbd0a73e9ac6bda3f61528e83fb

Score
10/10
snakekeyloggerkeyloggerstealer

Malware Config

Signatures

  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger
  • Snake Keylogger Payload 1 IoCs
  • Looks up external IP address via web service 3 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\000000000009000000.exe
    "C:\Users\Admin\AppData\Local\Temp\000000000009000000.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:504
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:3628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/504-4-0x0000000003530000-0x0000000003593000-memory.dmp
    Filesize

    396KB

    Download
  • memory/504-5-0x0000000000BF0000-0x0000000000BF3000-memory.dmp
    Filesize

    12KB

    Download
  • memory/3628-2-0x00000000004643BE-mapping.dmp
    Download
  • memory/3628-3-0x00000000736C0000-0x0000000073DAE000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/3628-6-0x0000000000400000-0x000000000046A000-memory.dmp
    Filesize

    424KB

    Download
  • memory/3628-8-0x00000000057E0000-0x00000000057E1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3628-9-0x0000000005380000-0x0000000005381000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3628-10-0x0000000005270000-0x0000000005271000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3628-11-0x00000000062B0000-0x00000000062B1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3628-12-0x0000000006480000-0x0000000006481000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3628-13-0x00000000061F0000-0x00000000061F1000-memory.dmp
    Filesize

    4KB

    Download