snakekeylogger | bb5aa33ec1181af72cf4422a71bbf8a7d594f4c9522e3ed91f0a241609ab530f | Triage

Sharing

General

Target

payslip.exe
Size

938KB
Sample

211207-mwqklsbff7
MD5

b39ebd7f3b8e407bdcaf2c7351ad8ae0
SHA1

b4992a53a9d2e624d1fb2427ae712c5c0b6ba916
SHA256

bb5aa33ec1181af72cf4422a71bbf8a7d594f4c9522e3ed91f0a241609ab530f
SHA512

b96dacd6b4042a3cb5b7c54878bc51d05b5aacdcf5595158bd536c5035bb65b4b051f67d0bc2d7b0de0fcadbd4ca28c7a9c240c0261ad6aee17766fb2346010a

Score

10^/10

snakekeylogger collection keylogger stealer

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.stlwtgroup.com
Port:
587
Username:
simon.ho@stlwtgroup.com
Password:
Simon97292457

Targets

- Target
  
  payslip.exe
- Size
  
  938KB
- MD5
  
  b39ebd7f3b8e407bdcaf2c7351ad8ae0
- SHA1
  
  b4992a53a9d2e624d1fb2427ae712c5c0b6ba916
- SHA256
  
  bb5aa33ec1181af72cf4422a71bbf8a7d594f4c9522e3ed91f0a241609ab530f
- SHA512
  
  b96dacd6b4042a3cb5b7c54878bc51d05b5aacdcf5595158bd536c5035bb65b4b051f67d0bc2d7b0de0fcadbd4ca28c7a9c240c0261ad6aee17766fb2346010a
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerstealer

behavioral2

snakekeyloggercollectionkeyloggerstealer