snakekeylogger | e645aef24ba9b241b006eeb7e3f6139cc756f82a81e1bea32125062214e6880e | Triage

Submit
Reports

Overview

overview

Static

static

$456,400_M...PY.rtf

windows7_x64

$456,400_M...PY.rtf

windows10-2004_x64

1

Sharing

General

Target

$456,400_MT103_ADVICE_COPY.doc
Size

10KB
Sample

220706-htqqdahhgr
MD5

bf7597c04b3c217e99958f88e2c0f8d0
SHA1

610bd865bfb97a065b84ecdb8de23cbaf22933fb
SHA256

e645aef24ba9b241b006eeb7e3f6139cc756f82a81e1bea32125062214e6880e
SHA512

dbdbbda7b84bfeb91fe7fe71d18b59791edf7e2322121d8c513546917619a79e7460f4e2aabb841392842dcbd707126b88c7b8078e887cb215f8d4aebe20912b

Score

10^/10

snakekeylogger collection keylogger spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

$456,400_MT103_ADVICE_COPY.rtf

Resource

win7-20220414-en

snakekeylogger collection keylogger spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

$456,400_MT103_ADVICE_COPY.rtf

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot5125489580:AAG9rJipU-Qp9bVmgyzvimlz5gpATRgg5qo/sendMessage?chat_id=5149913163

Targets

- Target
  
  $456,400_MT103_ADVICE_COPY.doc
- Size
  
  10KB
- MD5
  
  bf7597c04b3c217e99958f88e2c0f8d0
- SHA1
  
  610bd865bfb97a065b84ecdb8de23cbaf22933fb
- SHA256
  
  e645aef24ba9b241b006eeb7e3f6139cc756f82a81e1bea32125062214e6880e
- SHA512
  
  dbdbbda7b84bfeb91fe7fe71d18b59791edf7e2322121d8c513546917619a79e7460f4e2aabb841392842dcbd707126b88c7b8078e887cb215f8d4aebe20912b
Score

10^/10

snakekeylogger collection keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerspywarestealer

behavioral2

© 2018-2024

Terms | Privacy