snakekeylogger | e7488c44d2b9f78f7c5e96126798220cbc3a7faf749beab4b8545207a73ce0d1 | Triage

Submit
Reports

Overview

overview

Static

static

whesilox.exe

windows7_x64

whesilox.exe

windows10_x64

Sharing

General

Target

whesilox.exe
Size

715KB
Sample

210722-s3b195t3rx
MD5

facd1c07ffcfb16de518d0c977814d92
SHA1

27aa313a64ff37d6c31bd1a0a9953f00a48b3408
SHA256

e7488c44d2b9f78f7c5e96126798220cbc3a7faf749beab4b8545207a73ce0d1
SHA512

b6332e6de6b41014db759a1fb0c25996ee20f8be1c4f1a792d957a2b7edbb366b0378884e82fc497f707589ad1afd0bfc3b83c69919e897f8b9acf13edb10f33

Score

10^/10

snakekeylogger keylogger spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

whesilox.exe

Resource

win7v20210408

snakekeylogger keylogger spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

whesilox.exe

Resource

win10v20210410

snakekeylogger keylogger spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
bh-16.webhostbox.net
Port:
587
Username:
[email protected]
Password:
7213575aceACE@#$

Targets

- Target
  
  whesilox.exe
- Size
  
  715KB
- MD5
  
  facd1c07ffcfb16de518d0c977814d92
- SHA1
  
  27aa313a64ff37d6c31bd1a0a9953f00a48b3408
- SHA256
  
  e7488c44d2b9f78f7c5e96126798220cbc3a7faf749beab4b8545207a73ce0d1
- SHA512
  
  b6332e6de6b41014db759a1fb0c25996ee20f8be1c4f1a792d957a2b7edbb366b0378884e82fc497f707589ad1afd0bfc3b83c69919e897f8b9acf13edb10f33
Score

10^/10

snakekeylogger keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

snakekeyloggerkeyloggerspywarestealer

behavioral2

snakekeyloggerkeyloggerspywarestealer

© 2018-2024

Terms | Privacy