snakekeylogger | 62d027e4200988773e4a37cffc36254c125751fe64714a956fbdfaa4dc212f43 | Triage

Submit
Reports

Overview

overview

Static

static

BEIJING XI...df.exe

windows7_x64

BEIJING XI...df.exe

windows10-2004_x64

Sharing

General

Target

BEIJING XIANTE TECHNOLOGY-Materials (MD) RFQ21-1005R1.pdf.zipx
Size

512KB
Sample

220705-pf2ztaahf2
MD5

08307d5f55cc9efa130d41cf2485ec61
SHA1

92cbf12a6ca6baa2ba6c8b74e7e9c5ad9b24e9ff
SHA256

62d027e4200988773e4a37cffc36254c125751fe64714a956fbdfaa4dc212f43
SHA512

319b69681aca9542e0f5250786c18e39cd28687efa71762c2882af1d6a9fed17bcc8e35b68362dc3df8d8017b3dc77e98b57bddebd95999e362ecb13cd79598b

Score

10^/10

snakekeylogger collection keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

BEIJING XIANTE TECHNOLOGY-Materials (MD) RFQ21-1005R1.pdf.exe

Resource

win7-20220414-en

snakekeylogger collection keylogger stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

BEIJING XIANTE TECHNOLOGY-Materials (MD) RFQ21-1005R1.pdf.exe

Resource

win10v2004-20220414-en

snakekeylogger collection keylogger stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.stilltech.ro
Port:
587
Username:
office@stilltech.ro
Password:
eurobit555ro
Email To:
graceunlimited153@gmail.com

Targets

- Target
  
  BEIJING XIANTE TECHNOLOGY-Materials (MD) RFQ21-1005R1.pdf.exe
- Size
  
  561KB
- MD5
  
  c01e2956b20349d01fd6f43f9a7ef0c3
- SHA1
  
  4799db2196420cc90b24e28519ed459119d71fca
- SHA256
  
  f479546b3b39902eed49ccdd2749bde0d6ffb260311f8a8240fa69700e2a200e
- SHA512
  
  e3b466d2e32b1b3e18cc8669f957cf8dc66ca85827a2f40083931e0d72da8f67d8b01b71fea9bd8f601143d071f729184b9685198a974c247aaac7958141f469
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger Payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerstealer

behavioral2

snakekeyloggercollectionkeyloggerstealer

© 2018-2024

Terms | Privacy