snakekeylogger | 1486a2ea19a9a383f1b5ce201a4a0ef973269094c87faa9458cfe913dd1e4a88 | Triage

Submit
Reports

Overview

overview

Static

static

file.exe

windows7_x64

7

file.exe

windows10_x64

Sharing

General

Target

file.exe
Size

752KB
Sample

210131-wwwc8ascla
MD5

d89078bbe0d8a9268aafaff40e113ed9
SHA1

fe4cedfa403a32311227871410e0abf998b6b8ef
SHA256

1486a2ea19a9a383f1b5ce201a4a0ef973269094c87faa9458cfe913dd1e4a88
SHA512

8f411e9ddab7eadeda75d8680dec43ace49c48a19f5c232033a0e1511cd7ac4c8c1acd0c53379c7a207bdf3dab66659c0bd24accdeddc8a080aeaddf68d518fb

Score

10^/10

snakekeylogger keylogger persistence ransomware stealer

Static task

static1

Behavioral task

behavioral1

Sample

file.exe

Resource

win7v20201028

persistence ransomware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

file.exe

Resource

win10v20201028

snakekeylogger keylogger persistence ransomware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  file.exe
- Size
  
  752KB
- MD5
  
  d89078bbe0d8a9268aafaff40e113ed9
- SHA1
  
  fe4cedfa403a32311227871410e0abf998b6b8ef
- SHA256
  
  1486a2ea19a9a383f1b5ce201a4a0ef973269094c87faa9458cfe913dd1e4a88
- SHA512
  
  8f411e9ddab7eadeda75d8680dec43ace49c48a19f5c232033a0e1511cd7ac4c8c1acd0c53379c7a207bdf3dab66659c0bd24accdeddc8a080aeaddf68d518fb
Score

10^/10

persistence ransomware snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger Payload
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  ransomware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistenceransomware

behavioral2

snakekeyloggerkeyloggerpersistenceransomwarestealer

© 2018-2024

Terms | Privacy