snakekeylogger | 12525ec37ff174175f0b10bcefef933647a786fb78be4582162e9556354243c4 | Triage

Submit
Reports

Overview

overview

Static

static

Zalando_mail_14.exe

windows7_x64

Zalando_mail_14.exe

windows10_x64

Sharing

General

Target

Zalando_mail_14.exe
Size

779KB
Sample

210616-fwbpblet4x
MD5

c6a06d0f5f22625f504bf0eb93da4d92
SHA1

bbb3626a74c145ec86102ba0a0fee4f34e2bdeec
SHA256

12525ec37ff174175f0b10bcefef933647a786fb78be4582162e9556354243c4
SHA512

93196d13a8cc9f54b8c3820c5c7045ac799ca8d51015c56f2e7d6a0e82c73c939a7ae563718a005d868824cef10b1cc184b7e54c0eb5cb91175c34f349d0a156

Score

10^/10

snakekeylogger keylogger spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Zalando_mail_14.exe

Resource

win7v20210410

snakekeylogger keylogger spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Zalando_mail_14.exe

Resource

win10v20210410

snakekeylogger keylogger spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.privateemail.com
Port:
587
Username:
nicolas.sautter@chsauter-bc.com
Password:
111aaa

Targets

- Target
  
  Zalando_mail_14.exe
- Size
  
  779KB
- MD5
  
  c6a06d0f5f22625f504bf0eb93da4d92
- SHA1
  
  bbb3626a74c145ec86102ba0a0fee4f34e2bdeec
- SHA256
  
  12525ec37ff174175f0b10bcefef933647a786fb78be4582162e9556354243c4
- SHA512
  
  93196d13a8cc9f54b8c3820c5c7045ac799ca8d51015c56f2e7d6a0e82c73c939a7ae563718a005d868824cef10b1cc184b7e54c0eb5cb91175c34f349d0a156
Score

10^/10

snakekeylogger keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

snakekeyloggerkeyloggerspywarestealer

behavioral2

snakekeyloggerkeyloggerspywarestealer

© 2018-2024

Terms | Privacy