snakekeylogger | 24d1536cab85c5b987c854fa774c874137d43f310045c41de9a41a0abd042264 | Triage

Submit
Reports

Overview

overview

7

Static

static

StubV4.exe

windows7_x64

7

StubV4.exe

windows10_x64

7

Sharing

General

Target

StubV4.exe
Size

121KB
Sample

210607-8m6qyqvppj
MD5

b28520a52116f6d4aff843821f12def0
SHA1

ce4c528523eefd7feea36a878d7870965834baec
SHA256

24d1536cab85c5b987c854fa774c874137d43f310045c41de9a41a0abd042264
SHA512

8d1c227a1e99570a7206ed490b6eda6b2780efc0595c9fce8266e3ccbf73ec85584efe763457f670c5c7e497b236efb2ddac75fd1823fa5fd3aeec81158a344e

Score

10^/10

snakekeylogger spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

StubV4.exe

Resource

win7v20210410

spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

StubV4.exe

Resource

win10v20210408

spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
smtp.vivaldi.net
Port:
465
Username:
pagosbogaitrans@vivaldi.net
Password:
Qwerty2020Hp##

C2

https://api.telegram.org/bot1487657528:AAFnNHLAtj_ujed9_IjvpSguj8z_a4GKbog/sendMessage?chat_id=1443320838

Targets

- Target
  
  StubV4.exe
- Size
  
  121KB
- MD5
  
  b28520a52116f6d4aff843821f12def0
- SHA1
  
  ce4c528523eefd7feea36a878d7870965834baec
- SHA256
  
  24d1536cab85c5b987c854fa774c874137d43f310045c41de9a41a0abd042264
- SHA512
  
  8d1c227a1e99570a7206ed490b6eda6b2780efc0595c9fce8266e3ccbf73ec85584efe763457f670c5c7e497b236efb2ddac75fd1823fa5fd3aeec81158a344e
Score

7^/10

spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy