snakekeylogger | 2d5fd822f5e87ccaac8fc9a90050383aed0e32abc3d54378357116771291af05 | Triage

Submit
Reports

Overview

overview

Static

static

New_Reques...02.exe

windows7_x64

New_Reques...02.exe

windows10_x64

Sharing

General

Target

New_Requests_35003502.exe
Size

640KB
Sample

211018-nebkssedcm
MD5

c35701db9ac9d8b75bb57b2758363804
SHA1

fdf6f6997c0dd7228a904d70a2cbe97151c3405b
SHA256

2d5fd822f5e87ccaac8fc9a90050383aed0e32abc3d54378357116771291af05
SHA512

63562fb8154017a61a3e64fbd9c09494c6e87ba0b50352002be6d2c0e4e036caa89bf7212ef8cabb5936a2680fd5ad0a3cda6e87e97854039db53e01ee34db26

Score

10^/10

snakekeylogger collection keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

New_Requests_35003502.exe

Resource

win7-en-20210920

snakekeylogger collection keylogger stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

New_Requests_35003502.exe

Resource

win10-en-20211014

snakekeylogger collection keylogger stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
reptw.xyz
Port:
587
Username:
[email protected]
Password:
=W;D)NMYK*HI

Targets

- Target
  
  New_Requests_35003502.exe
- Size
  
  640KB
- MD5
  
  c35701db9ac9d8b75bb57b2758363804
- SHA1
  
  fdf6f6997c0dd7228a904d70a2cbe97151c3405b
- SHA256
  
  2d5fd822f5e87ccaac8fc9a90050383aed0e32abc3d54378357116771291af05
- SHA512
  
  63562fb8154017a61a3e64fbd9c09494c6e87ba0b50352002be6d2c0e4e036caa89bf7212ef8cabb5936a2680fd5ad0a3cda6e87e97854039db53e01ee34db26
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerstealer

behavioral2

snakekeyloggercollectionkeyloggerstealer

© 2018-2024

Terms | Privacy