snakekeylogger | d5b6e38e9f49fc345baf7b20c2ba7dae8fb24b99f45f30499244e54a52e532b5 | Triage

Submit
Reports

Overview

overview

Static

static

Request Quotation.exe

windows7_x64

Request Quotation.exe

windows10_x64

Sharing

General

Target

Request Quotation.exe
Size

698KB
Sample

210616-5r1d62ml5s
MD5

78b77bb40dde1d7c2922ee8288365e81
SHA1

a2476c79e3f07b1d71c17b62c338cbd65977e519
SHA256

d5b6e38e9f49fc345baf7b20c2ba7dae8fb24b99f45f30499244e54a52e532b5
SHA512

4a5e5f51c04c2ce059eab4cb4576965ed83643f8834e072e952e2c778969529c43835d2edd4bb8b6f2fd6d81c96508572590ff8be62f600d97dc487933b3bb5d

Score

10^/10

snakekeylogger keylogger spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Request Quotation.exe

Resource

win7v20210408

snakekeylogger keylogger spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Request Quotation.exe

Resource

win10v20210408

snakekeylogger keylogger spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.dadupipes.com
Port:
587
Username:
tenders@dadupipes.com
Password:
1Y=Ye-bEjmB5

Targets

- Target
  
  Request Quotation.exe
- Size
  
  698KB
- MD5
  
  78b77bb40dde1d7c2922ee8288365e81
- SHA1
  
  a2476c79e3f07b1d71c17b62c338cbd65977e519
- SHA256
  
  d5b6e38e9f49fc345baf7b20c2ba7dae8fb24b99f45f30499244e54a52e532b5
- SHA512
  
  4a5e5f51c04c2ce059eab4cb4576965ed83643f8834e072e952e2c778969529c43835d2edd4bb8b6f2fd6d81c96508572590ff8be62f600d97dc487933b3bb5d
Score

10^/10

snakekeylogger keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger Payload
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

snakekeyloggerkeyloggerspywarestealer

behavioral2

snakekeyloggerkeyloggerspywarestealer

© 2018-2024

Terms | Privacy