snakekeylogger | 45479517c35a7efb32ab28968deeda5e3926f06b81ab4cf2b7ab9a87f3de336c | Triage

Submit
Reports

Overview

overview

Static

static

PO#JFUB000...df.exe

windows7_x64

PO#JFUB000...df.exe

windows10_x64

Sharing

General

Target

PO#JFUB0002 4QjPQ2oE-pdf.exe
Size

636KB
Sample

210727-vhta9d1hcs
MD5

43bf8478bf2676d95193f62fde2a11c0
SHA1

9153d608d75978006c760e1ce1cc9599e336d711
SHA256

45479517c35a7efb32ab28968deeda5e3926f06b81ab4cf2b7ab9a87f3de336c
SHA512

dcae9b03580955ef385859a45cbb886352374371855e9ec1370065da9a172297b6112114c06668ccd74b3136f2c2b191368845721ebc6434779e62d0e86720a3

Score

10^/10

snakekeylogger keylogger spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

PO#JFUB0002 4QjPQ2oE-pdf.exe

Resource

win7v20210410

snakekeylogger keylogger spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

PO#JFUB0002 4QjPQ2oE-pdf.exe

Resource

win10v20210408

snakekeylogger keylogger stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
25
Username:
admin@evapimlogs.com
Password:
BkKMmzZ1

Targets

- Target
  
  PO#JFUB0002 4QjPQ2oE-pdf.exe
- Size
  
  636KB
- MD5
  
  43bf8478bf2676d95193f62fde2a11c0
- SHA1
  
  9153d608d75978006c760e1ce1cc9599e336d711
- SHA256
  
  45479517c35a7efb32ab28968deeda5e3926f06b81ab4cf2b7ab9a87f3de336c
- SHA512
  
  dcae9b03580955ef385859a45cbb886352374371855e9ec1370065da9a172297b6112114c06668ccd74b3136f2c2b191368845721ebc6434779e62d0e86720a3
Score

10^/10

snakekeylogger keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

snakekeyloggerkeyloggerspywarestealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy