snakekeylogger | 6200e8758a22991d5ac0af555cbe25f8d2b59ca0f5f212402d8ec805c7f5cfe7 | Triage

Submit
Reports

Overview

overview

Static

static

RFQ-11015-12.exe

windows10-1703-x64

RFQ-11015-12.exe

windows10-2004-x64

Resubmissions

03-10-2022 05:52

221003-gky5qaacg7 10

02-10-2022 10:41

221002-mq3yradabj 10

Sharing

General

Target

RFQ-11015-12.exe
Size

27KB
Sample

221003-gky5qaacg7
MD5

a1dc1cff823fcdd66b73eef2e7c32715
SHA1

451cd2d2033b8774dab60a954e158c7aafaf2d47
SHA256

6200e8758a22991d5ac0af555cbe25f8d2b59ca0f5f212402d8ec805c7f5cfe7
SHA512

e105618d9863401f9ee56b7eb6ff826bb5b4bef76cef0b5b6b211c839b8ff7ed9277381c243f5e2855609c42c6ae1f74082c962398e5ebd2ed81a326d44e3623
SSDEEP

384:Nukgi2WJFHHMleT2gL1CAOh05PjoaYLR/NLXFqgnZE3eCjRyY+vGyox8u5/DpW+v:shKMM2jOj+RVLp4Vh+eyM8upJ

Score

10^/10

snakekeylogger collection keylogger persistence stealer

Static task

static1

Behavioral task

behavioral1

Sample

RFQ-11015-12.exe

Resource

win10-20220812-en

snakekeylogger collection keylogger persistence stealer

windows10-1703-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

RFQ-11015-12.exe

Resource

win10v2004-20220812-en

snakekeylogger collection keylogger persistence stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  RFQ-11015-12.exe
- Size
  
  27KB
- MD5
  
  a1dc1cff823fcdd66b73eef2e7c32715
- SHA1
  
  451cd2d2033b8774dab60a954e158c7aafaf2d47
- SHA256
  
  6200e8758a22991d5ac0af555cbe25f8d2b59ca0f5f212402d8ec805c7f5cfe7
- SHA512
  
  e105618d9863401f9ee56b7eb6ff826bb5b4bef76cef0b5b6b211c839b8ff7ed9277381c243f5e2855609c42c6ae1f74082c962398e5ebd2ed81a326d44e3623
- SSDEEP
  
  384:Nukgi2WJFHHMleT2gL1CAOh05PjoaYLR/NLXFqgnZE3eCjRyY+vGyox8u5/DpW+v:shKMM2jOj+RVLp4Vh+eyM8upJ
Score

10^/10

snakekeylogger collection keylogger persistence stealer
- Modifies WinLogon for persistence
  persistence
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerpersistencestealer

behavioral2

snakekeyloggercollectionkeyloggerpersistencestealer

© 2018-2024

Terms | Privacy