snakekeylogger | 496f836f4de8ae952cd6749a0d8ada4d53e8095b38032b9e1b526b025ce3081d | Triage

Submit
Reports

Overview

overview

Static

static

88160011B.xlsx

windows7_x64

88160011B.xlsx

windows10-2004_x64

1

Sharing

General

Target

88160011B.xlsx
Size

39KB
Sample

220705-pffrkshadq
MD5

9add119c83c891469f6aacf6e1128544
SHA1

f87dceb2802e8e10eb36b4a913da50529901ac34
SHA256

496f836f4de8ae952cd6749a0d8ada4d53e8095b38032b9e1b526b025ce3081d
SHA512

1525620e45e55f5b8798d98694283692e2729a969b4b2d458b136b77199cf2dc0520e34c45e566afbe23b587b0057600680cef8d7df8d1f8b410763ac45e8488

Score

10^/10

snakekeylogger collection keylogger stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

88160011B.xlsx

Resource

win7-20220414-en

snakekeylogger collection keylogger stealer suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

88160011B.xlsx

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.stilltech.ro
Port:
587
Username:
office@stilltech.ro
Password:
eurobit555ro
Email To:
graceunlimited153@gmail.com

Targets

- Target
  
  88160011B.xlsx
- Size
  
  39KB
- MD5
  
  9add119c83c891469f6aacf6e1128544
- SHA1
  
  f87dceb2802e8e10eb36b4a913da50529901ac34
- SHA256
  
  496f836f4de8ae952cd6749a0d8ada4d53e8095b38032b9e1b526b025ce3081d
- SHA512
  
  1525620e45e55f5b8798d98694283692e2729a969b4b2d458b136b77199cf2dc0520e34c45e566afbe23b587b0057600680cef8d7df8d1f8b410763ac45e8488
Score

10^/10

snakekeylogger collection keylogger stealer suricata
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger Payload
- suricata: ET MALWARE MSIL/GenKryptik.FQRH Download Request
  suricata: ET MALWARE MSIL/GenKryptik.FQRH Download Request
  suricata
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Abuses OpenXML format to download file from external location
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerstealersuricata

behavioral2

© 2018-2024

Terms | Privacy