snakekeylogger | 98bba6280dc438b35e3d0a4f468d1e50dd44bdafdd3e8c396a6dacf6be50fd71

General

Target

PROFORMA INVOICE.scr
Size

22KB
Sample

210226-4z8yzalj62
MD5

4480e5c41df955746e6b762828e64ddb
SHA1

75fd2876572e72da98a99065152c338f935d722f
SHA256

98bba6280dc438b35e3d0a4f468d1e50dd44bdafdd3e8c396a6dacf6be50fd71
SHA512

92db76915c468ab2e3a1185b3ee5a0d8849bfb623e5bfdf0fa128a002b16e768097b9440c905a4cb38b70aee9b36c21ce2db57f150f93fc5845ff5f667957a41

Score

10^/10

Malware Config

Targets

- Target
  
  PROFORMA INVOICE.scr
- Size
  
  22KB
- MD5
  
  4480e5c41df955746e6b762828e64ddb
- SHA1
  
  75fd2876572e72da98a99065152c338f935d722f
- SHA256
  
  98bba6280dc438b35e3d0a4f468d1e50dd44bdafdd3e8c396a6dacf6be50fd71
- SHA512
  
  92db76915c468ab2e3a1185b3ee5a0d8849bfb623e5bfdf0fa128a002b16e768097b9440c905a4cb38b70aee9b36c21ce2db57f150f93fc5845ff5f667957a41
Score

10^/10

snakekeylogger evasion keylogger stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger Payload
- Turns off Windows Defender SpyNet reporting
  evasion
- Windows security bypass
  evasion trojan
- Nirsoft
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1

T1031

Privilege Escalation

Defense Evasion

Modify Registry

4

T1112

Disabling Security Tools

4

T1089

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Targets

Modifies Windows Defender Real-time Protection settings

Snake Keylogger

Snake Keylogger Payload

Turns off Windows Defender SpyNet reporting

Windows security bypass

Nirsoft

Executes dropped EXE

Loads dropped DLL

Windows security modification

Looks up external IP address via web service

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2