snakekeylogger | e6208325c155b89a626654ffbf06de21ef809ba583c9742952f006326fce8493 | Triage

Submit
Reports

Overview

overview

Static

static

DOC_scan10002.doc

windows7_x64

DOC_scan10002.doc

windows10_x64

1

Sharing

General

Target

DOC_scan10002.doc
Size

62KB
Sample

210727-81x38yv996
MD5

a79887f6a16088002da8171f306e1c35
SHA1

61f8ebea354416303d5904f625255c8381852a2e
SHA256

e6208325c155b89a626654ffbf06de21ef809ba583c9742952f006326fce8493
SHA512

8fd416b2d297715dc07bee2e1c517c7f19445da4fd3a2ed5ef3500d79d5e39b74d7d5b82009c61c1e144fef797d9e94dce30c9460958a08ef3afd8e9e4493c15

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

DOC_scan10002.doc

Resource

win7v20210408

snakekeylogger keylogger stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

DOC_scan10002.doc

Resource

win10v20210410

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.bundabergtrophies.com.au
Port:
587
Username:
admin@bundabergtrophies.com.au
Password:
nKlnBbMZLI

Targets

- Target
  
  DOC_scan10002.doc
- Size
  
  62KB
- MD5
  
  a79887f6a16088002da8171f306e1c35
- SHA1
  
  61f8ebea354416303d5904f625255c8381852a2e
- SHA256
  
  e6208325c155b89a626654ffbf06de21ef809ba583c9742952f006326fce8493
- SHA512
  
  8fd416b2d297715dc07bee2e1c517c7f19445da4fd3a2ed5ef3500d79d5e39b74d7d5b82009c61c1e144fef797d9e94dce30c9460958a08ef3afd8e9e4493c15
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

© 2018-2024

Terms | Privacy