snakekeylogger | cbccf4aa82c3140302ffd2692e87869a29e6801c707c759a57ef43fad475cfc3 | Triage

Submit
Reports

Overview

overview

Static

static

gGQWGJWR4jzvzse.exe

windows7_x64

gGQWGJWR4jzvzse.exe

windows10_x64

Sharing

General

Target

gGQWGJWR4jzvzse.exe
Size

570KB
Sample

210201-avz4753g1j
MD5

2a48c243fba628695fced8e761bd9a4c
SHA1

e34ae27a0f2c5a41a4103384f50e2744f4413731
SHA256

cbccf4aa82c3140302ffd2692e87869a29e6801c707c759a57ef43fad475cfc3
SHA512

d6f1540f6a4d9d8e7b8e0f4fd030eb7a555ac2daec1ad2bee70fb452b88c9f981ee22335de623f34e044eb5270405f6b19b01cc39b817df6183d7d25f5765080

Score

10^/10

snakekeylogger keylogger ransomware spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

gGQWGJWR4jzvzse.exe

Resource

win7v20201028

snakekeylogger keylogger ransomware spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

gGQWGJWR4jzvzse.exe

Resource

win10v20201028

snakekeylogger keylogger ransomware spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  gGQWGJWR4jzvzse.exe
- Size
  
  570KB
- MD5
  
  2a48c243fba628695fced8e761bd9a4c
- SHA1
  
  e34ae27a0f2c5a41a4103384f50e2744f4413731
- SHA256
  
  cbccf4aa82c3140302ffd2692e87869a29e6801c707c759a57ef43fad475cfc3
- SHA512
  
  d6f1540f6a4d9d8e7b8e0f4fd030eb7a555ac2daec1ad2bee70fb452b88c9f981ee22335de623f34e044eb5270405f6b19b01cc39b817df6183d7d25f5765080
Score

10^/10

snakekeylogger keylogger ransomware spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger Payload
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  ransomware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

snakekeyloggerkeyloggerransomwarespywarestealer

behavioral2

snakekeyloggerkeyloggerransomwarespywarestealer

© 2018-2024

Terms | Privacy