snakekeylogger | 324648121065cedc469faff107cd9abd306864f3b9d6c2170be8c5f8be313417 | Triage

Submit
Reports

Overview

overview

Static

static

IMG_53771.pdf.exe

windows7_x64

IMG_53771.pdf.exe

windows10_x64

Sharing

General

Target

1.iso
Size

2.2MB
Sample

210119-x26hs7m1m6
MD5

604d56198567815c69fd3eb291b7e245
SHA1

c5978390f74177f1fd53b1b2eee6543b01243603
SHA256

324648121065cedc469faff107cd9abd306864f3b9d6c2170be8c5f8be313417
SHA512

228021c830263e005fcb6eb0625a81c4ba8d590e35c3c33cbd67dd7da170d58bb88413dd273def35708cd8d136dd86cd3ff3faf6e0f6996933033d69ffac4fec

Score

10^/10

snakekeylogger keylogger spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

IMG_53771.pdf.exe

Resource

win7v20201028

snakekeylogger keylogger spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

IMG_53771.pdf.exe

Resource

win10v20201028

snakekeylogger keylogger spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  IMG_53771.pdf.exe
- Size
  
  1.6MB
- MD5
  
  86b54654ac95dc27eb76c8dce196d3b8
- SHA1
  
  d3f800c5cd196e72365de73c3b0f3b76d0540aef
- SHA256
  
  2109e18f96cf5f627351d52a48eecc483b67e02fd3f1a0e58088f615afc3737f
- SHA512
  
  a17e47307b1fe307138ea0cdb5d084d53b2cd41b08d602fe2a740ea1b77f66624d92ca46fe72fb494a8835caa4a45219b196a434f095c7372732e0821f4a2006
Score

10^/10

snakekeylogger keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger Payload
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

snakekeyloggerkeyloggerspywarestealer

behavioral2

snakekeyloggerkeyloggerspywarestealer

© 2018-2024

Terms | Privacy