snakekeylogger | 4f0b01acb78ac9daaa0aa4a4ea8d189c1e815c474cda04c8d97591b754cf9375 | Triage

Submit
Reports

Overview

overview

Static

static

Swift pdf.exe

windows7_x64

Swift pdf.exe

windows10-2004_x64

Sharing

General

Target

Swift pdf.exe
Size

13KB
Sample

220706-ta2t3sgfc2
MD5

219b51d27650e58e806ecbea4a5464d2
SHA1

72cb9e74cd88eea0e18a02e54ca7e54557b0932b
SHA256

4f0b01acb78ac9daaa0aa4a4ea8d189c1e815c474cda04c8d97591b754cf9375
SHA512

2c413f65f672ac7225c8a2fd92063beda19caa914f416173f69eb4985a785291951aaaf292f2e9bf3489a70b4c228cc86d2f5d98b4f01cdfc491f6289d7b2cbd

Score

10^/10

snakekeylogger collection keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

Swift pdf.exe

Resource

win7-20220414-en

snakekeylogger collection keylogger stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Swift pdf.exe

Resource

win10v2004-20220414-en

snakekeylogger collection keylogger stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot5412895406:AAEj-XWjEH6Xgz-M_j2Kpqqdv6KOeN4GaH0/sendMessage?chat_id=1467583453

Targets

- Target
  
  Swift pdf.exe
- Size
  
  13KB
- MD5
  
  219b51d27650e58e806ecbea4a5464d2
- SHA1
  
  72cb9e74cd88eea0e18a02e54ca7e54557b0932b
- SHA256
  
  4f0b01acb78ac9daaa0aa4a4ea8d189c1e815c474cda04c8d97591b754cf9375
- SHA512
  
  2c413f65f672ac7225c8a2fd92063beda19caa914f416173f69eb4985a785291951aaaf292f2e9bf3489a70b4c228cc86d2f5d98b4f01cdfc491f6289d7b2cbd
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerstealer

behavioral2

snakekeyloggercollectionkeyloggerstealer

© 2018-2024

Terms | Privacy