snakekeylogger | 5ff91ab46e1a82df8a7efffc4175fa68a42fb1452e17b64041c6d570c87d8fd4 | Triage

Sharing

General

Target

ISO-77002387418602.bin.zip
Size

226KB
Sample

211020-qvlf2shba9
MD5

6751823f451aaebe65a653a3f338148d
SHA1

afae1db56240ca7610384d5458d6f83d6c6af2b9
SHA256

5ff91ab46e1a82df8a7efffc4175fa68a42fb1452e17b64041c6d570c87d8fd4
SHA512

d86d885b7db7f1b78dea523e57eb69fba13ca6a0854fad711aa6730ad942169a120370af9062d711aaf324767ff5322046217fc3641aad5eb441182b6ca33072

Score

10^/10

snakekeylogger collection keylogger stealer

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
budgetn.shop
Port:
587
Username:
[email protected]
Password:
eC~Z,TG&S9jM

Targets

- Target
  
  ISO-77002387418602.bin
- Size
  
  558KB
- MD5
  
  3446b3427eb52e09af7b7424d8bd6dc3
- SHA1
  
  780f36db6bdafed0966c2951e86142b43105f0f2
- SHA256
  
  0cc6f444f52c66cd955fa64184e8784b8ec735a0d8b2f1f4c060532fcd54e9f8
- SHA512
  
  7596395c37d037bff11dcf9e3f59039602b965c9cd36fedf344ef83dff3cce5c80aec345d4eaee4ecc2b5036b6a34473f7f31d3291d651baeddad762e5c7fbfe
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Executes dropped EXE
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Scripting

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerstealer

behavioral2

snakekeyloggercollectionkeyloggerstealer