snakekeylogger | 134f65fd76fef6705fda2e1f2eaa8472a20f0b080daa950425d74ba497adc528 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

134f65fd76fef6705fda2e1f2eaa8472a20f0b080daa950425d74ba497adc528
Size

1.0MB
Sample

220705-lvb56afhfj
MD5

d7fe3f6e9a927e6ddb3f5378d896f36d
SHA1

31a856518b92f32bf0e2b27b6fa2f2e060a5000a
SHA256

134f65fd76fef6705fda2e1f2eaa8472a20f0b080daa950425d74ba497adc528
SHA512

fd25bbfeefde78b875cede8f4f1676c307e5b17f329bf03d264eb5cc17ec22a45ee66b2af48f2635a4874e2c8af41970d1cf86c83ec06d00a1aafe926cda2adb

Score

10^/10

snakekeylogger collection keylogger spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

134f65fd76fef6705fda2e1f2eaa8472a20f0b080daa950425d74ba497adc528.exe

Resource

win10-20220414-en

snakekeylogger collection keylogger spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot5125489580:AAG9rJipU-Qp9bVmgyzvimlz5gpATRgg5qo/sendMessage?chat_id=5149913163

Targets

- Target
  
  134f65fd76fef6705fda2e1f2eaa8472a20f0b080daa950425d74ba497adc528
- Size
  
  1.0MB
- MD5
  
  d7fe3f6e9a927e6ddb3f5378d896f36d
- SHA1
  
  31a856518b92f32bf0e2b27b6fa2f2e060a5000a
- SHA256
  
  134f65fd76fef6705fda2e1f2eaa8472a20f0b080daa950425d74ba497adc528
- SHA512
  
  fd25bbfeefde78b875cede8f4f1676c307e5b17f329bf03d264eb5cc17ec22a45ee66b2af48f2635a4874e2c8af41970d1cf86c83ec06d00a1aafe926cda2adb
Score

10^/10

snakekeylogger collection keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerspywarestealer

© 2018-2024

Terms | Privacy