snakekeylogger | 92c7146dd4dd24206b2c0b9dee831bdd772eced8b8d5c67b3b73e31bababea82 | Triage

Submit
Reports

Overview

overview

Static

static

MV. NEW BR...)..xll

windows7_x64

7

MV. NEW BR...)..xll

windows10-2004_x64

Resubmissions

19-03-2023 18:05

230319-wpjcdsbf4x 10

04-07-2022 18:06

220704-wprzjaaegl 10

Sharing

General

Target

MV. NEW BRIDGE (EX THORCO SVENDBORG)..xll
Size

1.7MB
Sample

220704-wprzjaaegl
MD5

e772d046be7fbfbe96e90eca5ab20566
SHA1

286d9bcf13c0cb309f9041f2ea03e5ce99848669
SHA256

92c7146dd4dd24206b2c0b9dee831bdd772eced8b8d5c67b3b73e31bababea82
SHA512

4c79623f6c7c557169da85715e69f387ef2d98a16ab35516768ef921e65e791d1301d2574a6703b1e7c9fb6902d69bef341908294ba31469e57321533de70103

Score

10^/10

snakekeylogger collection keylogger persistence stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

MV. NEW BRIDGE (EX THORCO SVENDBORG)..xll

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

MV. NEW BRIDGE (EX THORCO SVENDBORG)..xll

Resource

win10v2004-20220414-en

snakekeylogger collection keylogger persistence stealer suricata

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

xlm4.0

Source

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot1707668650:AAFJBUcmT6aGlXwy3-beDARhm0ji930DCzM/sendMessage?chat_id=-772314354

Targets

- Target
  
  MV. NEW BRIDGE (EX THORCO SVENDBORG)..xll
- Size
  
  1.7MB
- MD5
  
  e772d046be7fbfbe96e90eca5ab20566
- SHA1
  
  286d9bcf13c0cb309f9041f2ea03e5ce99848669
- SHA256
  
  92c7146dd4dd24206b2c0b9dee831bdd772eced8b8d5c67b3b73e31bababea82
- SHA512
  
  4c79623f6c7c557169da85715e69f387ef2d98a16ab35516768ef921e65e791d1301d2574a6703b1e7c9fb6902d69bef341908294ba31469e57321533de70103
Score

10^/10

snakekeylogger collection keylogger persistence stealer suricata
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger Payload
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

snakekeyloggercollectionkeyloggerpersistencestealersuricata

© 2018-2024

Terms | Privacy