snakekeylogger | 6f7d6ab9dd45bebc793602779f132e11a28884dfc688f7710cdad670931e9864 | Triage

Submit
Reports

Overview

overview

Static

static

req quote.bat.exe

windows7_x64

req quote.bat.exe

windows10_x64

Sharing

General

Target

req quote.lzh
Size

381KB
Sample

210727-evb4bp9932
MD5

e715d7983639ed5cd57d1d6d90814893
SHA1

9af6b35d8ffe5d6292c2cb75b42624f8eaa783f7
SHA256

6f7d6ab9dd45bebc793602779f132e11a28884dfc688f7710cdad670931e9864
SHA512

74e130effec38fff553085ec2a5bfb6eb78166d57db823dd507f729efb2406a1452f501f3affdb9a72cf6b09f8b91ae5e39f69d69190ef7f403e14c8d34ce6e9

Score

10^/10

snakekeylogger keylogger spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

req quote.bat.exe

Resource

win7v20210410

snakekeylogger keylogger spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

req quote.bat.exe

Resource

win10v20210408

snakekeylogger keylogger spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
webmail.aquariushotelboutique.com
Port:
25
Username:
bseriosema@aquariushotelboutique.com
Password:
6)fvPIxcEVwT

Targets

- Target
  
  req quote.bat
- Size
  
  547KB
- MD5
  
  3988c73d0fe8cc854333752bc9c16413
- SHA1
  
  607cf59d672fc032bcd63caa0e77b0c3a62121b9
- SHA256
  
  78c0352da41b3c206b12ea2d8d3f96c33c361e2211437c9746629023b1f0c094
- SHA512
  
  1ac7d447c0ce756af2bfc381dc1c8d939e0e649d76ead8da7d9abd24dee3758192a6bd0cd9bcef5e72f2df507a18a8f1bde3b89867eb17895fb0f18b0faf0744
Score

10^/10

snakekeylogger keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

snakekeyloggerkeyloggerspywarestealer

behavioral2

snakekeyloggerkeyloggerspywarestealer

© 2018-2024

Terms | Privacy