snakekeylogger | f23eca05013c2cc70a34d176362ea27488988afba7f362b372509273dc5cd449 | Triage

Submit
Reports

Overview

overview

Static

static

New_Reques...82.exe

windows7_x64

New_Reques...82.exe

windows10_x64

Sharing

General

Target

New_Requests_30175082.exe
Size

643KB
Sample

211018-prptmaeecp
MD5

68433ca29865ac4f36e1753c37f9128d
SHA1

007d128da117c20d278508cfbfee948bc67ab404
SHA256

f23eca05013c2cc70a34d176362ea27488988afba7f362b372509273dc5cd449
SHA512

e089be063c7b88a6f6f872032533e1ada27deae584751f714b6740421f6956ba45d50bdd829fe4a3aad69e231fb03f9c2d34ce1e1039097b0bbca372afdbbe17

Score

10^/10

snakekeylogger collection keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

New_Requests_30175082.exe

Resource

win7-en-20210920

snakekeylogger collection keylogger stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

New_Requests_30175082.exe

Resource

win10-en-20211014

snakekeylogger collection keylogger stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
budgetn.shop
Port:
587
Username:
[email protected]
Password:
eC~Z,TG&S9jM

Targets

- Target
  
  New_Requests_30175082.exe
- Size
  
  643KB
- MD5
  
  68433ca29865ac4f36e1753c37f9128d
- SHA1
  
  007d128da117c20d278508cfbfee948bc67ab404
- SHA256
  
  f23eca05013c2cc70a34d176362ea27488988afba7f362b372509273dc5cd449
- SHA512
  
  e089be063c7b88a6f6f872032533e1ada27deae584751f714b6740421f6956ba45d50bdd829fe4a3aad69e231fb03f9c2d34ce1e1039097b0bbca372afdbbe17
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerstealer

behavioral2

snakekeyloggercollectionkeyloggerstealer

© 2018-2024

Terms | Privacy