snakekeylogger | 5c490fcd927f87434dca860aa71947a31942bcabfed0adb27ab16a0fe1412fe1 | Triage

Submit
Reports

Overview

overview

Static

static

9

NEW PURCHA...ER.exe

windows7_x64

NEW PURCHA...ER.exe

windows10_x64

Sharing

General

Target

NEW PURCHASE ORDER.exe
Size

577KB
Sample

210201-1mr51wzzs6
MD5

3080525809aefe707920c99cf4188b9a
SHA1

ca74f0622d9125aa89c563609ad562f82f1877c7
SHA256

5c490fcd927f87434dca860aa71947a31942bcabfed0adb27ab16a0fe1412fe1
SHA512

7abaf9d7002dbf437c991629d6cd876b69a0ee05f1fef586c3b8749cbededddc486524082c6065ad1260c0aa3c5976c2edeb9f8901dda19a1557bf0040c06eb5

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

NEW PURCHASE ORDER.exe

Resource

win7v20201028

snakekeylogger keylogger stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

NEW PURCHASE ORDER.exe

Resource

win10v20201028

snakekeylogger keylogger stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  NEW PURCHASE ORDER.exe
- Size
  
  577KB
- MD5
  
  3080525809aefe707920c99cf4188b9a
- SHA1
  
  ca74f0622d9125aa89c563609ad562f82f1877c7
- SHA256
  
  5c490fcd927f87434dca860aa71947a31942bcabfed0adb27ab16a0fe1412fe1
- SHA512
  
  7abaf9d7002dbf437c991629d6cd876b69a0ee05f1fef586c3b8749cbededddc486524082c6065ad1260c0aa3c5976c2edeb9f8901dda19a1557bf0040c06eb5
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger Payload
- Beds Protector Packer
  Detects Beds Protector packer used to load .NET malware.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy