snakekeylogger | e4023297b3b3918787683d59c9ebf0c5786cdf50f42f54c50aa5571e7dae29f7 | Triage

Submit
Reports

Overview

overview

Static

static

1

S09900090K.exe

windows7_x64

7

S09900090K.exe

windows10_x64

Sharing

General

Target

S09900090K.exe
Size

206KB
Sample

210607-p893rlxmqx
MD5

717af05a9247debb55e8a57cb5096df4
SHA1

c0f8e0518f372e52fa5245c1ee3992ac02e15a5f
SHA256

e4023297b3b3918787683d59c9ebf0c5786cdf50f42f54c50aa5571e7dae29f7
SHA512

13a7c5dfe3474f3c4b17a52525203953adb82a82f11e6a688543d00afc6f00eacdced92990802622c885ee88fe01c73d6297d9de6db512f282d35544a243ea15

Score

10^/10

snakekeylogger keylogger persistence stealer

Static task

static1

Behavioral task

behavioral1

Sample

S09900090K.exe

Resource

win7v20210408

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

S09900090K.exe

Resource

win10v20210410

snakekeylogger keylogger persistence stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
smtp.1and1.com
Port:
587
Username:
andres.galarraga@sismode.com
Password:
Andres1.2

Targets

- Target
  
  S09900090K.exe
- Size
  
  206KB
- MD5
  
  717af05a9247debb55e8a57cb5096df4
- SHA1
  
  c0f8e0518f372e52fa5245c1ee3992ac02e15a5f
- SHA256
  
  e4023297b3b3918787683d59c9ebf0c5786cdf50f42f54c50aa5571e7dae29f7
- SHA512
  
  13a7c5dfe3474f3c4b17a52525203953adb82a82f11e6a688543d00afc6f00eacdced92990802622c885ee88fe01c73d6297d9de6db512f282d35544a243ea15
Score

10^/10

persistence snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

snakekeyloggerkeyloggerpersistencestealer

© 2018-2024

Terms | Privacy