snakekeylogger | a1183aa0c74ad8ad4cd678ba674d3ca9cb88c325bf4a585521d1d2fef6769dd1

General

Target

209876543456789000098.exe
Size

793KB
Sample

211202-krmbaagfd7
MD5

70ce5952a189b5eb3b5a67170981fb93
SHA1

ff3197ef1584ead3e7c2a39c1ac50591f8b2412f
SHA256

a1183aa0c74ad8ad4cd678ba674d3ca9cb88c325bf4a585521d1d2fef6769dd1
SHA512

7a9d78c3efb3f484f25d0064920cf02e653820a9a968a6cb09900668817b3bdecff94e3ea38328aceb98f1f758a6e1cd6c125d6c0dbb49ee47cf2ff10dbda175

Score

10^/10

Malware Config

Targets

- Target
  
  209876543456789000098.exe
- Size
  
  793KB
- MD5
  
  70ce5952a189b5eb3b5a67170981fb93
- SHA1
  
  ff3197ef1584ead3e7c2a39c1ac50591f8b2412f
- SHA256
  
  a1183aa0c74ad8ad4cd678ba674d3ca9cb88c325bf4a585521d1d2fef6769dd1
- SHA512
  
  7a9d78c3efb3f484f25d0064920cf02e653820a9a968a6cb09900668817b3bdecff94e3ea38328aceb98f1f758a6e1cd6c125d6c0dbb49ee47cf2ff10dbda175
Score

10^/10

snakekeylogger collection keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger Payload
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Drops desktop.ini file(s)
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3

T1081

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Snake Keylogger

Snake Keylogger Payload

Loads dropped DLL

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Drops desktop.ini file(s)

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2