snakekeylogger | 20351bfb18a4c774795e240a1a143754493ce9c89edf007c5cb110e4bce447a9 | Triage

Sharing

General

Target

ISO-77002387418311pdf.exe
Size

858KB
Sample

211020-ygy4zsadfn
MD5

2ea15aa68317ad61bdcff453f0750281
SHA1

10bfcd418e65f26a49f8c8c589352872d32d0492
SHA256

20351bfb18a4c774795e240a1a143754493ce9c89edf007c5cb110e4bce447a9
SHA512

5b92dfebaffc4c4fefd0ea0bbd85f6add5480f4039d5b940e26c2ade527719e73acf77302bf5853864d7ed0243af09b2f15b58312d1c0a6f62e6bae29c01b7e8

Score

10^/10

snakekeylogger collection keylogger stealer

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
restd.xyz
Port:
587
Username:
amp@netjul.club
Password:
gg@6{ZL65h,*

Targets

- Target
  
  ISO-77002387418311pdf.exe
- Size
  
  858KB
- MD5
  
  2ea15aa68317ad61bdcff453f0750281
- SHA1
  
  10bfcd418e65f26a49f8c8c589352872d32d0492
- SHA256
  
  20351bfb18a4c774795e240a1a143754493ce9c89edf007c5cb110e4bce447a9
- SHA512
  
  5b92dfebaffc4c4fefd0ea0bbd85f6add5480f4039d5b940e26c2ade527719e73acf77302bf5853864d7ed0243af09b2f15b58312d1c0a6f62e6bae29c01b7e8
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Executes dropped EXE
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Scripting

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerstealer

behavioral2

snakekeyloggercollectionkeyloggerstealer