snakekeylogger | 3e2d304ef3b13cf0e4ce178d8b04878537871fe4957a579da336daee46cdeeef

General

Target

RFQ.exe
Size

801KB
Sample

221003-qndgvshag8
MD5

aad07a56490f6741c3921858f3043e79
SHA1

a94598c7fc15b6c5acc91f1436dba83997e11e28
SHA256

3e2d304ef3b13cf0e4ce178d8b04878537871fe4957a579da336daee46cdeeef
SHA512

cf06bbfe743ee7ea0835b3703602b7089e599fa8e2d023546d38b10e77defca4b092697f977fa3b2fe804d303f7b8bfb9d80ef557eebf925c1f998d7dde20e4a
SSDEEP

12288:uXstLovH4+5mCTWQg3mlDJwrxMF0LnXRBnU+wD+E542KK4HTN:bAHEtQV72MCLnXXfwDJ5

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
qlRYaFn8
Email To:
[email protected]

Targets

- Target
  
  RFQ.exe
- Size
  
  801KB
- MD5
  
  aad07a56490f6741c3921858f3043e79
- SHA1
  
  a94598c7fc15b6c5acc91f1436dba83997e11e28
- SHA256
  
  3e2d304ef3b13cf0e4ce178d8b04878537871fe4957a579da336daee46cdeeef
- SHA512
  
  cf06bbfe743ee7ea0835b3703602b7089e599fa8e2d023546d38b10e77defca4b092697f977fa3b2fe804d303f7b8bfb9d80ef557eebf925c1f998d7dde20e4a
- SSDEEP
  
  12288:uXstLovH4+5mCTWQg3mlDJwrxMF0LnXRBnU+wD+E542KK4HTN:bAHEtQV72MCLnXXfwDJ5
Score

10^/10

snakekeylogger collection keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3

T1081

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2