snakekeylogger | 9000fc8be8a93dc6d1f9f07c25fc6cbf0c18225d367a333844b6deca8841ca7c

General

Target

202275denge ve beyan.exe
Size

1.0MB
Sample

220706-tagtxaeeap
MD5

cf5df047f1041ab04ce3986f65143051
SHA1

3d84bde7c028e4667e99c6d54fdd97ae3a625da8
SHA256

9000fc8be8a93dc6d1f9f07c25fc6cbf0c18225d367a333844b6deca8841ca7c
SHA512

8aef908cd72101c73a6576770c53b1f6ba63814a7e0aae19b1e124c8470c1c6f935403c656378a60724522c7e81507caf25efb3a52199f35e47c2af6e54f9fc1

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot5166529015:AAHmXMIWF4K9IarF05CZj5gCu_oVRj3zFHc/sendMessage?chat_id=5170122971

Targets

- Target
  
  202275denge ve beyan.exe
- Size
  
  1.0MB
- MD5
  
  cf5df047f1041ab04ce3986f65143051
- SHA1
  
  3d84bde7c028e4667e99c6d54fdd97ae3a625da8
- SHA256
  
  9000fc8be8a93dc6d1f9f07c25fc6cbf0c18225d367a333844b6deca8841ca7c
- SHA512
  
  8aef908cd72101c73a6576770c53b1f6ba63814a7e0aae19b1e124c8470c1c6f935403c656378a60724522c7e81507caf25efb3a52199f35e47c2af6e54f9fc1
Score

10^/10

snakekeylogger collection keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3

T1081

Discovery

Lateral Movement

Collection

Data from Local System

3

T1005

Email Collection

1

T1114

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger Payload

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2