snakekeylogger | 70c021052ad4b72188bf5d6c960e668524c7d538e9d30e4991269f7a5e79a566 | Triage

Submit
Reports

Overview

overview

Static

static

vbc.exe

windows7_x64

7

vbc.exe

windows10-2004_x64

Sharing

General

Target

vbc.exe
Size

374KB
Sample

220705-verekschg6
MD5

24e89d07e1071f93c8f8e0a03eeb7b9a
SHA1

981c5c627491a6952c14921289e7d60ba819f019
SHA256

70c021052ad4b72188bf5d6c960e668524c7d538e9d30e4991269f7a5e79a566
SHA512

84b617ab92a58122c5167a13c67fed43ac3e336e7dcd2d73370a2f54c8a903d047bffd5a97a4dc08f1460ba685db9fc4daafd7edadebc2430f77666d5c0afb2f

Score

10^/10

snakekeylogger collection keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

vbc.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

vbc.exe

Resource

win10v2004-20220414-en

snakekeylogger collection keylogger stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot5471298201:AAGFh758keN2eA73SQlIsmB91r4EW74GWCo/sendMessage?chat_id=5144477649

Targets

- Target
  
  vbc.exe
- Size
  
  374KB
- MD5
  
  24e89d07e1071f93c8f8e0a03eeb7b9a
- SHA1
  
  981c5c627491a6952c14921289e7d60ba819f019
- SHA256
  
  70c021052ad4b72188bf5d6c960e668524c7d538e9d30e4991269f7a5e79a566
- SHA512
  
  84b617ab92a58122c5167a13c67fed43ac3e336e7dcd2d73370a2f54c8a903d047bffd5a97a4dc08f1460ba685db9fc4daafd7edadebc2430f77666d5c0afb2f
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

snakekeyloggercollectionkeyloggerstealer

© 2018-2024

Terms | Privacy