snakekeylogger | fb5504af04ed02bd8d59e43667dd64b9478484105be4af4f573de5b32816e989 | Triage

Submit
Reports

Overview

overview

Static

static

Product In...26.exe

windows7-x64

Product In...26.exe

windows10-2004-x64

Sharing

General

Target

Product Inquiry LPO 202209282773526726.exe
Size

825KB
Sample

221001-h4yhzagfcl
MD5

ec2ec6eabae002a60635b2aaf42b5839
SHA1

ff1af2aca3772713a60d862f78776bce6fb1270d
SHA256

fb5504af04ed02bd8d59e43667dd64b9478484105be4af4f573de5b32816e989
SHA512

82e888499144d35de654973659c92414d19a6f6b65ac33ad851d92465a4c4252360be0d33da1adc58f3790b6945c698fa15aed178c03f75690b320f62153b852
SSDEEP

12288:VEuK3xMftlRAMpXmRe38bw5H9B3fjqV+4wZ0Bh3DQHKs8WapkoTFnAHsEc2U+/6y:65xgtlRFlJ38MLwVwaD3DQJP

Score

10^/10

snakekeylogger collection keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

Product Inquiry LPO 202209282773526726.exe

Resource

win7-20220812-en

snakekeylogger collection keylogger stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

Product Inquiry LPO 202209282773526726.exe

Resource

win10v2004-20220812-en

snakekeylogger collection keylogger stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
xCj*aYU6
Email To:
[email protected]

Targets

- Target
  
  Product Inquiry LPO 202209282773526726.exe
- Size
  
  825KB
- MD5
  
  ec2ec6eabae002a60635b2aaf42b5839
- SHA1
  
  ff1af2aca3772713a60d862f78776bce6fb1270d
- SHA256
  
  fb5504af04ed02bd8d59e43667dd64b9478484105be4af4f573de5b32816e989
- SHA512
  
  82e888499144d35de654973659c92414d19a6f6b65ac33ad851d92465a4c4252360be0d33da1adc58f3790b6945c698fa15aed178c03f75690b320f62153b852
- SSDEEP
  
  12288:VEuK3xMftlRAMpXmRe38bw5H9B3fjqV+4wZ0Bh3DQHKs8WapkoTFnAHsEc2U+/6y:65xgtlRFlJ38MLwVwaD3DQJP
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerstealer

behavioral2

snakekeyloggercollectionkeyloggerstealer

© 2018-2024

Terms | Privacy