snakekeylogger | 242f17b9bbfd619a8e22c2c0b4368831e4cbc1729a4d6da65aefd5d62c575aca | Triage

Sharing

General

Target

SOA.exe
Size

365KB
Sample

211130-hj7wxaeahk
MD5

b2694f03afc0bf056d54cf6983653343
SHA1

7abebfb8dcebe30838bc7bad49853fadfaf11e12
SHA256

242f17b9bbfd619a8e22c2c0b4368831e4cbc1729a4d6da65aefd5d62c575aca
SHA512

0f5435279b36771637e30be7b6a85adba8327a5f743b13f5108fcda2e7576efc82fac1d87563846949f77f2e54fef4197e41739ca636dbb30bafa10693c80fb5

Score

10^/10

snakekeylogger collection keylogger stealer

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.agc.com.sa
Port:
587
Username:
vijayakumar.singh@agc.com.sa
Password:
admin@admin$$

Targets

- Target
  
  SOA.exe
- Size
  
  365KB
- MD5
  
  b2694f03afc0bf056d54cf6983653343
- SHA1
  
  7abebfb8dcebe30838bc7bad49853fadfaf11e12
- SHA256
  
  242f17b9bbfd619a8e22c2c0b4368831e4cbc1729a4d6da65aefd5d62c575aca
- SHA512
  
  0f5435279b36771637e30be7b6a85adba8327a5f743b13f5108fcda2e7576efc82fac1d87563846949f77f2e54fef4197e41739ca636dbb30bafa10693c80fb5
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerstealer

behavioral2

snakekeyloggercollectionkeyloggerstealer