snakekeylogger | 9906d7c05680fc4b3e9c741e5c95d6c8acbd88f7ded4b451270cdfa7c8847c30 | Triage

Submit
Reports

Overview

overview

Static

static

DHL Notifi...df.exe

windows7_x64

DHL Notifi...df.exe

windows10_x64

Sharing

General

Target

DHL Notification-pdf.exe
Size

1.2MB
Sample

210726-6f2zx97gwn
MD5

5228ecf840cf5bb8a37af32fdab81fe8
SHA1

200dc5f0010ce6cc1e27be47f7772b84454794c6
SHA256

9906d7c05680fc4b3e9c741e5c95d6c8acbd88f7ded4b451270cdfa7c8847c30
SHA512

f709e9e3f5dc74e04c3ad30df96926781a095c29c469b04151d0b17a14fca7ca5167fd7c084ba05e2fdb2082bf45597f06c1449bae2facec1472cbb1a4bbb00b

Score

10^/10

snakekeylogger keylogger spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

DHL Notification-pdf.exe

Resource

win7v20210410

snakekeylogger keylogger spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

DHL Notification-pdf.exe

Resource

win10v20210410

snakekeylogger keylogger spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
25
Username:
admin@evapimlogs.com
Password:
BkKMmzZ1

Targets

- Target
  
  DHL Notification-pdf.exe
- Size
  
  1.2MB
- MD5
  
  5228ecf840cf5bb8a37af32fdab81fe8
- SHA1
  
  200dc5f0010ce6cc1e27be47f7772b84454794c6
- SHA256
  
  9906d7c05680fc4b3e9c741e5c95d6c8acbd88f7ded4b451270cdfa7c8847c30
- SHA512
  
  f709e9e3f5dc74e04c3ad30df96926781a095c29c469b04151d0b17a14fca7ca5167fd7c084ba05e2fdb2082bf45597f06c1449bae2facec1472cbb1a4bbb00b
Score

10^/10

snakekeylogger keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

snakekeyloggerkeyloggerspywarestealer

behavioral2

snakekeyloggerkeyloggerspywarestealer

© 2018-2024

Terms | Privacy