snakekeylogger | 310695600166e82a8276c76352e340cc4ced96335a81acb4c530e60e07d291ca

General

Target

PO_N∞ 303550900.rar
Size

490KB
Sample

221017-ycsfmsdafr
MD5

7a73cfe5e13d80507f7a32ca3013bcec
SHA1

10ae13f465b51d4887297d5d72ed2793449b57f0
SHA256

310695600166e82a8276c76352e340cc4ced96335a81acb4c530e60e07d291ca
SHA512

f7637ba220149270c9cc69f1fd2fb8e3fb24a21ec3066116148ecd3badbbf161eb928c0e88b5b67bc72d209a061054cb95630df86e48802b4797be7de95b52fb
SSDEEP

12288:VBH1dwiy1b2UE8F7czcD1MF52v3VB9GNsodMu4O0E5:FdCcc3xG+Pufv5

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.stilltech.ro
Port:
587
Username:
[email protected]
Password:
eurobit555ro
Email To:
[email protected]

Targets

- Target
  
  PO_N° 303550900.exe
- Size
  
  766KB
- MD5
  
  3690f258325839e1e2321d5bc1f42716
- SHA1
  
  8bb78bf22b8cafc4adcad44bd3b53f89a71d4f9b
- SHA256
  
  a0b3665ecea80f1d40c7c39d97f2d79bcfad60361b0a9f429f872b8d4aa9065a
- SHA512
  
  cbd0901abda0dfa884417acfc7645a99bd97b8663294710a1349e754e12b01f839ee043f7bf35346278e7557a2009994f4e2ac6341884468f8ec226480be8f70
- SSDEEP
  
  12288:rEs/R4RB2cu+KJ0ewZNOFuXFhnGrAMyGFkWnkp05m9Fs2:CRuFFuXFUriekWnQ05I
Score

10^/10

snakekeylogger collection keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3

T1081

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2