snakekeylogger | 6693235e62c0d7e14a841185bee306301a9d64fe007ffe9de8798f33fbf81689 | Triage

Submit
Reports

Overview

overview

Static

static

fopcsUpMj6lv84P.exe

windows7_x64

fopcsUpMj6lv84P.exe

windows10_x64

Sharing

General

Target

fopcsUpMj6lv84P.exe
Size

1.1MB
Sample

210728-bnw9nxzera
MD5

934e8ac2fdeef16454904dbfdae4f19a
SHA1

4fa2deb2b1ae553845bc5b45ae5640aad464cb21
SHA256

6693235e62c0d7e14a841185bee306301a9d64fe007ffe9de8798f33fbf81689
SHA512

998fd29c4a8e473213d4e78cb921731558773b11e02fe4ef2f2ee373969afcd380d95ffbdb29963c17eb6cea4fa0dcf487ea34b6029ce626dbb8f5c985b0976e

Score

10^/10

snakekeylogger keylogger spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

fopcsUpMj6lv84P.exe

Resource

win7v20210408

snakekeylogger keylogger stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

fopcsUpMj6lv84P.exe

Resource

win10v20210410

snakekeylogger keylogger spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.maplesglobal.net
Port:
587
Username:
[email protected]
Password:
GHARIFEH@8ZHEQDEH

Targets

- Target
  
  fopcsUpMj6lv84P.exe
- Size
  
  1.1MB
- MD5
  
  934e8ac2fdeef16454904dbfdae4f19a
- SHA1
  
  4fa2deb2b1ae553845bc5b45ae5640aad464cb21
- SHA256
  
  6693235e62c0d7e14a841185bee306301a9d64fe007ffe9de8798f33fbf81689
- SHA512
  
  998fd29c4a8e473213d4e78cb921731558773b11e02fe4ef2f2ee373969afcd380d95ffbdb29963c17eb6cea4fa0dcf487ea34b6029ce626dbb8f5c985b0976e
Score

10^/10

snakekeylogger keylogger stealer spyware
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerspywarestealer

© 2018-2024

Terms | Privacy