snakekeylogger | a315f9c05c2c54565cc0d5615bd79b4c25012fa64d72758cb53f2bac2af78556

General

Target

tmp
Size

866KB
Sample

220909-n3j7vagae8
MD5

802e5cccd06f899eac41a3946408161b
SHA1

9d0fad0078c96c3ea4c5e9d0c4e449310e0bce5f
SHA256

a315f9c05c2c54565cc0d5615bd79b4c25012fa64d72758cb53f2bac2af78556
SHA512

3a364ad6220c7c58fca7b4158e2fc627649da10d36f48114e4c18c098a668970314eacc66b4bf601b6ff77634dd17e62acbbe4aa751c1ec588f51735601ed23d
SSDEEP

12288:2/RYlxF4M9nLDJLfJEGlYsJqw1bOkb2h6apTWO:RbF4shVlYoqQb7yvpCO

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot5523020974:AAHw91wZ4lFXSikGhiv2A-o3CzmAt30RREg/sendMessage?chat_id=1972606022

Targets

- Target
  
  tmp
- Size
  
  866KB
- MD5
  
  802e5cccd06f899eac41a3946408161b
- SHA1
  
  9d0fad0078c96c3ea4c5e9d0c4e449310e0bce5f
- SHA256
  
  a315f9c05c2c54565cc0d5615bd79b4c25012fa64d72758cb53f2bac2af78556
- SHA512
  
  3a364ad6220c7c58fca7b4158e2fc627649da10d36f48114e4c18c098a668970314eacc66b4bf601b6ff77634dd17e62acbbe4aa751c1ec588f51735601ed23d
- SSDEEP
  
  12288:2/RYlxF4M9nLDJLfJEGlYsJqw1bOkb2h6apTWO:RbF4shVlYoqQb7yvpCO
Score

10^/10

snakekeylogger collection keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3

T1081

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2