snakekeylogger | 29748957e43758e0a59ec98a377f55bbdd4f25fdd4ba10bae8d6ec997f580d1e | Triage

Submit
Reports

Overview

overview

Static

static

Hjhkcx.scr

windows7-x64

Hjhkcx.scr

windows10-2004-x64

Sharing

General

Target

Hjhkcx.scr
Size

2.0MB
Sample

220806-hwkl5sbhbm
MD5

8ba4d8afe4e893752efe87e60ca906c7
SHA1

3ef4ad6579868be2cb954a02003e5838e7195d50
SHA256

29748957e43758e0a59ec98a377f55bbdd4f25fdd4ba10bae8d6ec997f580d1e
SHA512

687932d3ad807589e254b3c89e7f77cc8d10e1275c05e0673fa26c58de037979cb75263cc3b1b8ded890b65508f94274255e3b76d828a9a73afb374c7295b4ad

Score

10^/10

snakekeylogger collection keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

Hjhkcx.scr

Resource

win7-20220718-en

snakekeylogger collection keylogger stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

Hjhkcx.scr

Resource

win10v2004-20220721-en

snakekeylogger collection keylogger stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot5599749594:AAH_jG8ISPD--cSrsStzuOm8r68iVeJzryU/sendMessage?chat_id=2054148913

Targets

- Target
  
  Hjhkcx.scr
- Size
  
  2.0MB
- MD5
  
  8ba4d8afe4e893752efe87e60ca906c7
- SHA1
  
  3ef4ad6579868be2cb954a02003e5838e7195d50
- SHA256
  
  29748957e43758e0a59ec98a377f55bbdd4f25fdd4ba10bae8d6ec997f580d1e
- SHA512
  
  687932d3ad807589e254b3c89e7f77cc8d10e1275c05e0673fa26c58de037979cb75263cc3b1b8ded890b65508f94274255e3b76d828a9a73afb374c7295b4ad
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerstealer

behavioral2

snakekeyloggercollectionkeyloggerstealer

© 2018-2024

Terms | Privacy