snakekeylogger | db27960e5407802bd8416782c93898baf8c89e240348db47870ef55091195feb | Triage

Submit
Reports

Overview

overview

Static

static

Number of ...e.xlsx

windows7_x64

Number of ...e.xlsx

windows10_x64

1

Sharing

General

Target

Number of Package.xlsx
Size

718KB
Sample

210728-5xfvd617sx
MD5

a247cc8b5eb2f580aa454b3846c3ad36
SHA1

415bb2fdedf27176947e557ac969a09b9e9d035a
SHA256

db27960e5407802bd8416782c93898baf8c89e240348db47870ef55091195feb
SHA512

31f99e8545b8bc6254a498d590c6b79ded8bc7213f1f407652cfc6d36702b5c6bd5918add236d9d50085ccb8d97f0b6ca721e192aed06d4e0c0e3e606c4de4e8

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

Number of Package.xlsx

Resource

win7v20210408

snakekeylogger keylogger stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Number of Package.xlsx

Resource

win10v20210408

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
bh-16.webhostbox.net
Port:
587
Username:
whesilolog@miratechs.gq
Password:
7213575aceACE@#$

Targets

- Target
  
  Number of Package.xlsx
- Size
  
  718KB
- MD5
  
  a247cc8b5eb2f580aa454b3846c3ad36
- SHA1
  
  415bb2fdedf27176947e557ac969a09b9e9d035a
- SHA256
  
  db27960e5407802bd8416782c93898baf8c89e240348db47870ef55091195feb
- SHA512
  
  31f99e8545b8bc6254a498d590c6b79ded8bc7213f1f407652cfc6d36702b5c6bd5918add236d9d50085ccb8d97f0b6ca721e192aed06d4e0c0e3e606c4de4e8
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

© 2018-2024

Terms | Privacy