snakekeylogger | f01dacce7e8eb48d0cbeda2e17dfd3d6f6494cb9d2b7a455256dd24e4110af7c | Triage

Submit
Reports

Overview

overview

Static

static

DHL-20210112-PDF.exe

windows7_x64

3

DHL-20210112-PDF.exe

windows10_x64

Sharing

General

Target

DHL-20210112-PDF.exe
Size

376KB
Sample

211201-vrzxgsebhp
MD5

9f306b99839580edc4d121870abb5b04
SHA1

0b2fc63e4edbf80a93366e7ec2e3e8aeffd7cc38
SHA256

f01dacce7e8eb48d0cbeda2e17dfd3d6f6494cb9d2b7a455256dd24e4110af7c
SHA512

bab1e630a21bf0e6b1f4da997598fe4477dda9d3c8e45effeb20521e28cfc3bb80a3404ec67868034219fd67a142cf21db95eb22e3b51639cc884d850e1e15d8

Score

10^/10

snakekeylogger collection keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

DHL-20210112-PDF.exe

Resource

win7-en-20211104

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

DHL-20210112-PDF.exe

Resource

win10-en-20211014

snakekeylogger collection keylogger stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.alroman.com
Port:
587
Username:
customercare@alroman.com
Password:
abc@24638

Targets

- Target
  
  DHL-20210112-PDF.exe
- Size
  
  376KB
- MD5
  
  9f306b99839580edc4d121870abb5b04
- SHA1
  
  0b2fc63e4edbf80a93366e7ec2e3e8aeffd7cc38
- SHA256
  
  f01dacce7e8eb48d0cbeda2e17dfd3d6f6494cb9d2b7a455256dd24e4110af7c
- SHA512
  
  bab1e630a21bf0e6b1f4da997598fe4477dda9d3c8e45effeb20521e28cfc3bb80a3404ec67868034219fd67a142cf21db95eb22e3b51639cc884d850e1e15d8
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

snakekeyloggercollectionkeyloggerstealer

© 2018-2024

Terms | Privacy