snakekeylogger | c527b03caf1b11138845e12a19b81ccdbc2f50f69c52e249d44652050cc30fa1 | Triage

Submit
Reports

Overview

overview

Static

static

FedEx 772...oc.rtf

windows7_x64

FedEx 772...oc.rtf

windows10_x64

1

Sharing

General

Target

FedEx 772584418730.doc
Size

504KB
Sample

210119-h8h37tppva
MD5

7aeebfb82be46c7753fce4382115b326
SHA1

e207226193a25f6eb8011accaed451d9156924ff
SHA256

c527b03caf1b11138845e12a19b81ccdbc2f50f69c52e249d44652050cc30fa1
SHA512

7b509f3b3791b5da8ec1f73c04e72d7c048c6e90df21d3792b4725d3422b30785f8be0e52f35471f271f3b25edddeb6ecf4b81334afd964f8c7964107f53d7eb

Score

10^/10

snakekeylogger keylogger spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

FedEx 772584418730.doc.rtf

Resource

win7v20201028

snakekeylogger keylogger spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

FedEx 772584418730.doc.rtf

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  FedEx 772584418730.doc
- Size
  
  504KB
- MD5
  
  7aeebfb82be46c7753fce4382115b326
- SHA1
  
  e207226193a25f6eb8011accaed451d9156924ff
- SHA256
  
  c527b03caf1b11138845e12a19b81ccdbc2f50f69c52e249d44652050cc30fa1
- SHA512
  
  7b509f3b3791b5da8ec1f73c04e72d7c048c6e90df21d3792b4725d3422b30785f8be0e52f35471f271f3b25edddeb6ecf4b81334afd964f8c7964107f53d7eb
Score

10^/10

snakekeylogger keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger Payload
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

snakekeyloggerkeyloggerspywarestealer

behavioral2

© 2018-2024

Terms | Privacy