snakekeylogger | 04817d678b5f79b764e0edd16ddd140c9209ace4bd7a72bdd134b4191fdd532d | Triage

Submit
Reports

Overview

overview

Static

static

20220825131165.exe

windows7-x64

20220825131165.exe

windows10-2004-x64

Sharing

General

Target

20220825131165.exe
Size

385KB
Sample

220919-jxrmhsbdgq
MD5

338b57edc0e5a428f0c7b0ca6c09b7bd
SHA1

122ce42ba55283d40d12a227a0c8a18a0e578f0a
SHA256

04817d678b5f79b764e0edd16ddd140c9209ace4bd7a72bdd134b4191fdd532d
SHA512

9bc169d5197e61afbe0e61e405b65d79e866cdf51f6dc82e0c30164c344a3fc33ef104c26b52d3cc40e9c79257036e4a4c1a434a2db93ec10b2adde5db6bc42d
SSDEEP

6144:Y3Kt8Z5C3vHVd/SUhLIMgwac5+Nm5dX1RwX8MOlc:4c8Z5CfHHJIMgwvem57+X4c

Score

10^/10

snakekeylogger collection keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

20220825131165.exe

Resource

win7-20220812-en

snakekeylogger collection keylogger stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

20220825131165.exe

Resource

win10v2004-20220812-en

snakekeylogger keylogger stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.hemegas.es
Port:
587
Username:
[email protected]
Password:
@Bastilipo1
Email To:
[email protected]

Targets

- Target
  
  20220825131165.exe
- Size
  
  385KB
- MD5
  
  338b57edc0e5a428f0c7b0ca6c09b7bd
- SHA1
  
  122ce42ba55283d40d12a227a0c8a18a0e578f0a
- SHA256
  
  04817d678b5f79b764e0edd16ddd140c9209ace4bd7a72bdd134b4191fdd532d
- SHA512
  
  9bc169d5197e61afbe0e61e405b65d79e866cdf51f6dc82e0c30164c344a3fc33ef104c26b52d3cc40e9c79257036e4a4c1a434a2db93ec10b2adde5db6bc42d
- SSDEEP
  
  6144:Y3Kt8Z5C3vHVd/SUhLIMgwac5+Nm5dX1RwX8MOlc:4c8Z5CfHHJIMgwvem57+X4c
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy