snakekeylogger | 01cccbd3a723331004dbf8de510380d5c328b8f3d8ae936fb4b9dd4f6259e532

General

Target

AMENDED INVOICE & COO DOCS.exe
Size

415KB
Sample

211021-wj6kqsbdhr
MD5

d693f58558538c9e8daf36fbd374db55
SHA1

25f77f246f27956647f2d4ddab85da100431d129
SHA256

01cccbd3a723331004dbf8de510380d5c328b8f3d8ae936fb4b9dd4f6259e532
SHA512

dc6cc23407f4a25645704202e6b81dd092a972bd7c5123612fed9d3bfc57823534ad443c036f70f1e843891b3dc7f977f002561de2292f2ea7fd1dda8f1e68cb

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot1620445910:AAF2v81NoINJsu_XXnpGet1YDm-NxnznaIE/sendMessage?chat_id=1063661839

Targets

- Target
  
  AMENDED INVOICE & COO DOCS.exe
- Size
  
  415KB
- MD5
  
  d693f58558538c9e8daf36fbd374db55
- SHA1
  
  25f77f246f27956647f2d4ddab85da100431d129
- SHA256
  
  01cccbd3a723331004dbf8de510380d5c328b8f3d8ae936fb4b9dd4f6259e532
- SHA512
  
  dc6cc23407f4a25645704202e6b81dd092a972bd7c5123612fed9d3bfc57823534ad443c036f70f1e843891b3dc7f977f002561de2292f2ea7fd1dda8f1e68cb
Score

10^/10

snakekeylogger collection evasion keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Credentials in Files

3

T1081

Discovery

Lateral Movement

Collection

Data from Local System

3

T1005

Email Collection

1

T1114

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Disables RegEdit via registry modification

Disables Task Manager via registry modification

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2