snakekeylogger | 5b37a1197dd6866cf0b617735b9f2009cf49dbd065ab46d7a6f36e76d069812b | Triage

Submit
Reports

Overview

overview

Static

static

Purchase O...py.scr

windows7_x64

3

Purchase O...py.scr

windows10_x64

Sharing

General

Target

Purchase Order No. 286353 - Copy.scr
Size

571KB
Sample

211203-kgwrzafgej
MD5

6e34a3c0b8b6a663a9f236085e450d41
SHA1

77b4a1dc260c068a81acc20b3b8e5a968a314055
SHA256

5b37a1197dd6866cf0b617735b9f2009cf49dbd065ab46d7a6f36e76d069812b
SHA512

2f9422f081bb70658b218e5e2b29c2461f151c962ed7db81c803427abbfe56410e727c0090dda1caf0cc2c5b09ffc76593d8956c930c9d12ff833a40378fda7f

Score

10^/10

snakekeylogger collection keylogger spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Purchase Order No. 286353 - Copy.scr

Resource

win7-en-20211104

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Purchase Order No. 286353 - Copy.scr

Resource

win10-en-20211014

snakekeylogger collection keylogger spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.jhllogistic.com
Port:
26
Username:
sunny@jhllogistic.com
Password:
jhlsunny168

Targets

- Target
  
  Purchase Order No. 286353 - Copy.scr
- Size
  
  571KB
- MD5
  
  6e34a3c0b8b6a663a9f236085e450d41
- SHA1
  
  77b4a1dc260c068a81acc20b3b8e5a968a314055
- SHA256
  
  5b37a1197dd6866cf0b617735b9f2009cf49dbd065ab46d7a6f36e76d069812b
- SHA512
  
  2f9422f081bb70658b218e5e2b29c2461f151c962ed7db81c803427abbfe56410e727c0090dda1caf0cc2c5b09ffc76593d8956c930c9d12ff833a40378fda7f
Score

10^/10

snakekeylogger collection keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

snakekeyloggercollectionkeyloggerspywarestealer

© 2018-2024

Terms | Privacy