snakekeylogger | 7fb33351d6ef6a9ae6f3c953b3c45743281217ed32c7fe8ef8d9f06161589e7d | Triage

Submit
Reports

Overview

overview

Static

static

TRACKING NUMBER.doc

windows7_x64

TRACKING NUMBER.doc

windows10_x64

1

Sharing

General

Target

TRACKING NUMBER.doc
Size

63KB
Sample

210728-vqcgj9k1ax
MD5

85f32390c19a033a1d2569863469a615
SHA1

81689cd34e0ad021432bd0db43f5313cf0189705
SHA256

7fb33351d6ef6a9ae6f3c953b3c45743281217ed32c7fe8ef8d9f06161589e7d
SHA512

34ae29f2bcce0f213e76f92e298ad875180a5683ada3dd45d6ad2078a060e74a6ab3573be1268ef1d10e90c7d8d0614f226c77bc5f60f42aa7f2d8a5d24556e7

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

TRACKING NUMBER.doc

Resource

win7v20210408

snakekeylogger keylogger stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

TRACKING NUMBER.doc

Resource

win10v20210408

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
bh-16.webhostbox.net
Port:
587
Username:
whesilolog@miratechs.gq
Password:
7213575aceACE@#$

Targets

- Target
  
  TRACKING NUMBER.doc
- Size
  
  63KB
- MD5
  
  85f32390c19a033a1d2569863469a615
- SHA1
  
  81689cd34e0ad021432bd0db43f5313cf0189705
- SHA256
  
  7fb33351d6ef6a9ae6f3c953b3c45743281217ed32c7fe8ef8d9f06161589e7d
- SHA512
  
  34ae29f2bcce0f213e76f92e298ad875180a5683ada3dd45d6ad2078a060e74a6ab3573be1268ef1d10e90c7d8d0614f226c77bc5f60f42aa7f2d8a5d24556e7
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

© 2018-2024

Terms | Privacy