snakekeylogger | 23ebed8ff1f6bbc93df436e7fafcbd0580751b8b628761342b9bc8a96790a9a0 | Triage

Submit
Reports

Overview

overview

Static

static

d53e3ef9fa...65.exe

windows7_x64

d53e3ef9fa...65.exe

windows10-2004_x64

Sharing

General

Target

d53e3ef9fae38384b9cfbd817bd75865.exe
Size

126KB
Sample

220706-s9xhzaedhk
MD5

d53e3ef9fae38384b9cfbd817bd75865
SHA1

af3bf205ad4b51615901128d50cb10988496e565
SHA256

23ebed8ff1f6bbc93df436e7fafcbd0580751b8b628761342b9bc8a96790a9a0
SHA512

1f7e477e689cef7c483190bc366f1d26d97a66da93332df0551b4ef8595e52adde0c27e2ff56d3ab21b03b54fd1c9644bdbf53ff8141b26f19fd4d68301e1e1a

Score

10^/10

snakekeylogger collection keylogger spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

d53e3ef9fae38384b9cfbd817bd75865.exe

Resource

win7-20220414-en

snakekeylogger keylogger stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

d53e3ef9fae38384b9cfbd817bd75865.exe

Resource

win10v2004-20220414-en

snakekeylogger collection keylogger spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot5166529015:AAHmXMIWF4K9IarF05CZj5gCu_oVRj3zFHc/sendMessage?chat_id=5170122971

Targets

- Target
  
  d53e3ef9fae38384b9cfbd817bd75865.exe
- Size
  
  126KB
- MD5
  
  d53e3ef9fae38384b9cfbd817bd75865
- SHA1
  
  af3bf205ad4b51615901128d50cb10988496e565
- SHA256
  
  23ebed8ff1f6bbc93df436e7fafcbd0580751b8b628761342b9bc8a96790a9a0
- SHA512
  
  1f7e477e689cef7c483190bc366f1d26d97a66da93332df0551b4ef8595e52adde0c27e2ff56d3ab21b03b54fd1c9644bdbf53ff8141b26f19fd4d68301e1e1a
Score

10^/10

snakekeylogger keylogger stealer collection spyware
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggercollectionkeyloggerspywarestealer

© 2018-2024

Terms | Privacy