snakekeylogger | 7163dd515cb2369c7b9ed2f235a06ac01f6623c6ea2f4d9647b5abada0dae6c1

General

Target

1f525a8d8195fc99382b8acce5fadbc3.exe
Size

422KB
Sample

220706-ta2t3sgfb9
MD5

1f525a8d8195fc99382b8acce5fadbc3
SHA1

8c6c1e22add0ac9581820b39740b6c9621bbb964
SHA256

7163dd515cb2369c7b9ed2f235a06ac01f6623c6ea2f4d9647b5abada0dae6c1
SHA512

256e1a8d56913465f5f82d832a033515718fdd7e905602e844ff5687a355182184db52b5cb3713cf6f4c868b3db85357f18c72409d83eece1ba7a3169fa27317

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.maruti-msm.com
Port:
26
Username:
venkat.r@maruti-msm.com
Password:
P@55wrd9090
Email To:
venkat.r@maruti-msm.com

Targets

- Target
  
  1f525a8d8195fc99382b8acce5fadbc3.exe
- Size
  
  422KB
- MD5
  
  1f525a8d8195fc99382b8acce5fadbc3
- SHA1
  
  8c6c1e22add0ac9581820b39740b6c9621bbb964
- SHA256
  
  7163dd515cb2369c7b9ed2f235a06ac01f6623c6ea2f4d9647b5abada0dae6c1
- SHA512
  
  256e1a8d56913465f5f82d832a033515718fdd7e905602e844ff5687a355182184db52b5cb3713cf6f4c868b3db85357f18c72409d83eece1ba7a3169fa27317
Score

10^/10

snakekeylogger collection evasion keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger Payload
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2