snakekeylogger | bc5587fc7b0ae1762cf3a8d5437608ccb908c8eaaeb219f1abb7ee4cad57d1ba | Triage

Submit
Reports

Overview

overview

Static

static

IMG_80137.pdf.exe

windows7_x64

IMG_80137.pdf.exe

windows10_x64

Sharing

General

Target

IMG_80137.pdf.exe
Size

1.6MB
Sample

210119-gm19yrmp7a
MD5

581632a12c1a592209d0601ed1636e81
SHA1

97edd171131eb1a3ae9e63aa18b7596bf7ab9d44
SHA256

bc5587fc7b0ae1762cf3a8d5437608ccb908c8eaaeb219f1abb7ee4cad57d1ba
SHA512

d768bcc9feb675f9defb63be246b21b685add5bfe57d2c9dc13da265ec0fa268cf6a84b07aa8745b57fdf3b0a73b8aad00f221776ed8ebd5e853a7b736cf8230

Score

10^/10

snakekeylogger keylogger spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

IMG_80137.pdf.exe

Resource

win7v20201028

snakekeylogger keylogger spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

IMG_80137.pdf.exe

Resource

win10v20201028

snakekeylogger keylogger spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  IMG_80137.pdf.exe
- Size
  
  1.6MB
- MD5
  
  581632a12c1a592209d0601ed1636e81
- SHA1
  
  97edd171131eb1a3ae9e63aa18b7596bf7ab9d44
- SHA256
  
  bc5587fc7b0ae1762cf3a8d5437608ccb908c8eaaeb219f1abb7ee4cad57d1ba
- SHA512
  
  d768bcc9feb675f9defb63be246b21b685add5bfe57d2c9dc13da265ec0fa268cf6a84b07aa8745b57fdf3b0a73b8aad00f221776ed8ebd5e853a7b736cf8230
Score

10^/10

snakekeylogger keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger Payload
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

snakekeyloggerkeyloggerspywarestealer

behavioral2

snakekeyloggerkeyloggerspywarestealer

© 2018-2024

Terms | Privacy