snakekeylogger | a0baf98ce28c1245d78159191bd0fafaf80c8c6b76b5e80b43bea8874af910a9 | Triage

Submit
Reports

Overview

overview

Static

static

SecuriteIn...44.exe

windows7_x64

1

SecuriteIn...44.exe

windows10-2004_x64

Sharing

General

Target

SecuriteInfo.com.Variant.Bulz.554061.26144.27197
Size

375KB
Sample

220704-t3m7dscce2
MD5

0a2bec36f7da26027cf27281c24c7bbf
SHA1

90eaf5fd30f3e0e6c5bb20fb2f798742978caae6
SHA256

a0baf98ce28c1245d78159191bd0fafaf80c8c6b76b5e80b43bea8874af910a9
SHA512

ab0580ff3db41c8b6de649395c4843f8df01dd5e878e79a63f84db75e21541a173b27e214e66ee3381fee367f401302a91a0e721acd503a93ef922db0950e19c

Score

10^/10

snakekeylogger collection keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

SecuriteInfo.com.Variant.Bulz.554061.26144.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.Variant.Bulz.554061.26144.exe

Resource

win10v2004-20220414-en

snakekeylogger collection keylogger stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot5516172220:AAH0-Z_MMwZG6EyCl-wEKyJpXEkKGfazFQU/sendMessage?chat_id=5274798743

Targets

- Target
  
  SecuriteInfo.com.Variant.Bulz.554061.26144.27197
- Size
  
  375KB
- MD5
  
  0a2bec36f7da26027cf27281c24c7bbf
- SHA1
  
  90eaf5fd30f3e0e6c5bb20fb2f798742978caae6
- SHA256
  
  a0baf98ce28c1245d78159191bd0fafaf80c8c6b76b5e80b43bea8874af910a9
- SHA512
  
  ab0580ff3db41c8b6de649395c4843f8df01dd5e878e79a63f84db75e21541a173b27e214e66ee3381fee367f401302a91a0e721acd503a93ef922db0950e19c
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

snakekeyloggercollectionkeyloggerstealer

© 2018-2024

Terms | Privacy