snakekeylogger | 52ad6d72fe71e037848ecdb2b349e125aca3982353b82e70e179dc2c61122c85 | Triage

Submit
Reports

Overview

overview

Static

static

UPDATTED SOA.exe

windows7-x64

UPDATTED SOA.exe

windows10-2004-x64

Sharing

General

Target

UPDATTED SOA.zip
Size

577KB
Sample

221002-qyh54aafdp
MD5

afeb630b76eccf18d6c4ad396f8f55e7
SHA1

6131617ad4d77da7e0832f8757e332aa686d7c45
SHA256

52ad6d72fe71e037848ecdb2b349e125aca3982353b82e70e179dc2c61122c85
SHA512

822a9a0c0ffb4d0e2a756f78f576573e2b5ba8940421a0ced6d8fa06541c554561532f6aaadfde97f1e9a1cfd35a5d6b7369805cbdd715db6de2f1eb83a51dbb
SSDEEP

12288:8ReNpZPg2iP3XZqzrqn2ZjS9NJoW0BEJMAFjn+F3GRwSpt:8RexI1PX8zeuRmJMQ+F3gP

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

UPDATTED SOA.exe

Resource

win7-20220812-en

snakekeylogger keylogger stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

UPDATTED SOA.exe

Resource

win10v2004-20220812-en

snakekeylogger keylogger stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot5227573794:AAECZBnQSxLs0aOVsV2wnclC6-WKnxPpi_k/sendMessage?chat_id=5217421430

Targets

- Target
  
  UPDATTED SOA.exe
- Size
  
  1.0MB
- MD5
  
  7a6b0980328902701e46b0e67288b565
- SHA1
  
  18eece768efd6b51990336bd7d580902db79f951
- SHA256
  
  8c456876915598dc988732791d60ea7129c1f03f9eabd10951ce2996c9c0997f
- SHA512
  
  e167579fbe129b819fc79581a34fc58c0fefb773ca7bc0e98b7024435cc0c8f0df7fbe86be21ecf338eedb7aeb442c8ec0a7b67a44330c1c219683f560bd168e
- SSDEEP
  
  12288:NikVrArSr9kMp1txX2iNoADqjJ5nmZhS/NFMWINKJmAtnn+F3ORwspu:xrArSrBv1Qjr+NoJm4+F3+A
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy