Overview

overview

10

Static

static

259828bb5f...24.exe

windows7_x64

1

259828bb5f...24.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    259828bb5f45d915f7b9b28867e46724.exe

  • Size

    447KB

  • Sample

    210118-yvvsgtckkx

  • MD5

    259828bb5f45d915f7b9b28867e46724

  • SHA1

    e53f6dcc0e057a6d3f871bfcaea3046caf514bbe

  • SHA256

    9a654036705d1183d6d86f20b3124a1c3e03034286391311b66034130f7ed645

  • SHA512

    aaff6a93d9ca0921b6c4e35bde83e8a0b55f34b2b8552a950a508ab7291d0adf403f4af8c9dbb3fc02ef5aa70ffac9630ca703291c780eaaaff00065949b511e

Score
10/10
snakekeyloggerkeyloggerstealer

Malware Config

Targets

    • Target

      259828bb5f45d915f7b9b28867e46724.exe

    • Size

      447KB

    • MD5

      259828bb5f45d915f7b9b28867e46724

    • SHA1

      e53f6dcc0e057a6d3f871bfcaea3046caf514bbe

    • SHA256

      9a654036705d1183d6d86f20b3124a1c3e03034286391311b66034130f7ed645

    • SHA512

      aaff6a93d9ca0921b6c4e35bde83e8a0b55f34b2b8552a950a508ab7291d0adf403f4af8c9dbb3fc02ef5aa70ffac9630ca703291c780eaaaff00065949b511e

    Score
    10/10
    snakekeyloggerkeyloggerstealer

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

      stealerkeyloggersnakekeylogger

    • Snake Keylogger Payload

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks