snakekeylogger | a8fa9629e664dc5169ba376825d202790690218a3e00ef7393d2e19e1a983a20 | Triage

Submit
Reports

Overview

overview

Static

static

New PO.xls_.exe

windows7_x64

New PO.xls_.exe

windows10_x64

Sharing

General

Target

_New PO.xls_.zip
Size

599KB
Sample

210423-qmtgtmj9wa
MD5

1d52eb40d9250600ad3effc351f7c9ad
SHA1

964677b23aef6187890b6fc1c9b6956e4e09adf6
SHA256

a8fa9629e664dc5169ba376825d202790690218a3e00ef7393d2e19e1a983a20
SHA512

b00f7310cb000d14090a079a3fdd8816d5037e172ce31c9f140ed37efc92a715bcb08faecd19cfe576cf8acdb94ead93261d15a505cc1fe68289f85415375ea4

Score

10^/10

snakekeylogger keylogger spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

New PO.xls_.exe

Resource

win7v20210408

snakekeylogger keylogger spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

New PO.xls_.exe

Resource

win10v20210408

snakekeylogger keylogger spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.lallyautomobiles.net
Port:
587
Username:
servicekrl@lallyautomobiles.net
Password:
Welcome@2021

Targets

- Target
  
  New PO.xls_.exe
- Size
  
  823KB
- MD5
  
  25ca1917e0bceca252031cd318ca2255
- SHA1
  
  b241b8ce758acfd6ff0a3df464caf7f3105d0777
- SHA256
  
  5ee0ab3fbf21156b9e04fcc7e3a7a80934d11a34855c826985661fb276de88fb
- SHA512
  
  3e9a48a3e927969a2f7f740afee8f37bb188831477d13dd3442b307eff8e90ccf1c3a154c2e1215bd605650c27c358558fad0a2bf6d291a7f17609bd83056309
Score

10^/10

snakekeylogger keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger Payload
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

snakekeyloggerkeyloggerspywarestealer

behavioral2

snakekeyloggerkeyloggerspywarestealer

© 2018-2024

Terms | Privacy