snakekeylogger | 7065c0e426806e2d05ea956efc6e790595163494c5f66bb30d54bef771764f9d | Triage

Sharing

General

Target

SOA.exe
Size

367KB
Sample

211130-hjm7haeagm
MD5

6323ec4de1703dec9bf3f77480e24b99
SHA1

c34df01130e9ed98f6a335f21f334f282906afb7
SHA256

7065c0e426806e2d05ea956efc6e790595163494c5f66bb30d54bef771764f9d
SHA512

aa792d6ab9ec3bc52c39318bba428cb46c6e7d6f65dfd3aa02410280fd9d98f3d747eb76d7f4e16a707a5eec2356706da7810c6d20c18915bda1a12c513fe180

Score

10^/10

snakekeylogger collection keylogger stealer

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.stlwtgroup.com
Port:
587
Username:
simon.ho@stlwtgroup.com
Password:
Simon97292457

Targets

- Target
  
  SOA.exe
- Size
  
  367KB
- MD5
  
  6323ec4de1703dec9bf3f77480e24b99
- SHA1
  
  c34df01130e9ed98f6a335f21f334f282906afb7
- SHA256
  
  7065c0e426806e2d05ea956efc6e790595163494c5f66bb30d54bef771764f9d
- SHA512
  
  aa792d6ab9ec3bc52c39318bba428cb46c6e7d6f65dfd3aa02410280fd9d98f3d747eb76d7f4e16a707a5eec2356706da7810c6d20c18915bda1a12c513fe180
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerstealer

behavioral2

snakekeyloggercollectionkeyloggerstealer