snakekeylogger | 0e5e4212729cd58a31421559db4c4b972306487beb067285ca1bd3324e059824 | Triage

Submit
Reports

Overview

overview

Static

static

wire_pmt_d...df.exe

windows7_x64

wire_pmt_d...df.exe

windows10_x64

Sharing

General

Target

wire_pmt_details_6212021,pdf.7z
Size

509KB
Sample

210621-kep2367h76
MD5

c1f4631dbf52bd39e93b66095ba20eff
SHA1

403da2b5ba1738aef0fcb1dc76c8996751dc9b0e
SHA256

0e5e4212729cd58a31421559db4c4b972306487beb067285ca1bd3324e059824
SHA512

53ff07a423b04fd9252228a1d80c1c21fb760c66ca4634792a4d7166ea1637b6919d7586aaf59e5addd2d7439883486799b03419cc93d3e6dc253f15a29e08f0

Score

10^/10

snakekeylogger keylogger spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

wire_pmt_details_6212021,pdf.exe

Resource

win7v20210408

snakekeylogger keylogger spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

wire_pmt_details_6212021,pdf.exe

Resource

win10v20210410

snakekeylogger keylogger spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.privateemail.com
Port:
587
Username:
nicolas.sautter@chsauter-bc.com
Password:
111aaa

Targets

- Target
  
  wire_pmt_details_6212021,pdf.exe
- Size
  
  695KB
- MD5
  
  e57cda842a821935f5819f7a861d1bcc
- SHA1
  
  053877f119d842e91d62af1e9082ac7b7222ad8d
- SHA256
  
  619d47029ebd28342d5a099b67d7eece183a4424d63b56abf66a7fe25169fca0
- SHA512
  
  1905ed39ca480526ce1d146fa7a316fe6856d1433238881c2748325ac8792da534e7fa0a6dd335c97b3f3e801f2382a7481113c41f2371eb68c5a16ba884f442
Score

10^/10

snakekeylogger keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

snakekeyloggerkeyloggerspywarestealer

behavioral2

snakekeyloggerkeyloggerspywarestealer

© 2018-2024

Terms | Privacy