snakekeylogger | 006248ca6292f9ca72274fc84e5cea8fc72aa2df7079e849835c232bea1b1c47 | Triage

Submit
Reports

Overview

overview

Static

static

SecuriteIn...37.exe

windows7-x64

SecuriteIn...37.exe

windows10-2004-x64

Sharing

General

Target

SecuriteInfo.com.Win32.PWSX-gen.22537.exe
Size

900KB
Sample

221003-e7874ahegk
MD5

96d1155766e94985bae9254b1519a08f
SHA1

20542794a283bb390e1f25e6150cd994a0b3a2a0
SHA256

006248ca6292f9ca72274fc84e5cea8fc72aa2df7079e849835c232bea1b1c47
SHA512

f5ab3b93729e7fc67e23a63006bec797f2a8d26fb9fae0a3c078ded809a16926d4226ced8ecc854eb988307beec635c63a439db24a29f3187b7af31fdd10f9af
SSDEEP

12288:f0fnBqhbu2e3h6FeBj2GwlRda0TmgnHzIVrURPSjSK4HTN:qMbjah6FeBjkvBzc8PS

Score

10^/10

snakekeylogger collection keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

SecuriteInfo.com.Win32.PWSX-gen.22537.exe

Resource

win7-20220901-en

snakekeylogger collection keylogger stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.Win32.PWSX-gen.22537.exe

Resource

win10v2004-20220901-en

snakekeylogger collection keylogger stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.hemegas.es
Port:
587
Username:
[email protected]
Password:
@Bastilipo1
Email To:
[email protected]

Targets

- Target
  
  SecuriteInfo.com.Win32.PWSX-gen.22537.exe
- Size
  
  900KB
- MD5
  
  96d1155766e94985bae9254b1519a08f
- SHA1
  
  20542794a283bb390e1f25e6150cd994a0b3a2a0
- SHA256
  
  006248ca6292f9ca72274fc84e5cea8fc72aa2df7079e849835c232bea1b1c47
- SHA512
  
  f5ab3b93729e7fc67e23a63006bec797f2a8d26fb9fae0a3c078ded809a16926d4226ced8ecc854eb988307beec635c63a439db24a29f3187b7af31fdd10f9af
- SSDEEP
  
  12288:f0fnBqhbu2e3h6FeBj2GwlRda0TmgnHzIVrURPSjSK4HTN:qMbjah6FeBjkvBzc8PS
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerstealer

behavioral2

snakekeyloggercollectionkeyloggerstealer

© 2018-2024

Terms | Privacy