snakekeylogger | c4fd7b8e1bbd50ac784df0a4f2dc5e2b3589d038b419edd946bc7be0c6b7a1c5 | Triage

Submit
Reports

Overview

overview

Static

static

SHIPPING D...PL.exe

windows7_x64

SHIPPING D...PL.exe

windows10_x64

Sharing

General

Target

SHIPPING DOCUMENT & PL.rar
Size

237KB
Sample

210802-j292w36wla
MD5

a92849186eaf5b4cccecd5132b449806
SHA1

2b1eabf63728810bfe66fe06e92fc1f4738c79fc
SHA256

c4fd7b8e1bbd50ac784df0a4f2dc5e2b3589d038b419edd946bc7be0c6b7a1c5
SHA512

e25825dff2d668f79163fcad85b5b39b3b172d27f4c46223c058efa10e981c54b95bb8dc1947d14f9ac5c3807cd6caae841a55b67c5889f5c7b5a2b92f14bd83

Score

10^/10

snakekeylogger keylogger spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

SHIPPING DOCUMENT & PL.exe

Resource

win7v20210408

snakekeylogger keylogger spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

SHIPPING DOCUMENT & PL.exe

Resource

win10v20210410

snakekeylogger keylogger spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.dairysystems.co.ke
Port:
587
Username:
[email protected]
Password:
2019@systems

Extracted

Credentials

Protocol: smtp
Host:
mail.dairysystems.co.ke
Port:
587
Username:
[email protected]
Password:
2019@systems

Targets

- Target
  
  SHIPPING DOCUMENT & PL.exe
- Size
  
  524KB
- MD5
  
  ef7c473221c4ab4a50a89a3ac440cfcb
- SHA1
  
  cb0c43f78c15ca4647630b66c1e99717c3901a86
- SHA256
  
  d01f8fc17997730628aa3af35b790defbdacd7a81a3f0166252a30a804a52d20
- SHA512
  
  c1b2324423f888924e0aaed71d46971106d1bf559716dd951577453d7d7d8a1847053aaac70fa1f687b58fb8ac143afc935c796789eab78a63834f60b2978359
Score

10^/10

snakekeylogger keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggerkeyloggerspywarestealer

behavioral2

snakekeyloggerkeyloggerspywarestealer

© 2018-2024

Terms | Privacy