snakekeylogger | 9e26e800b738ba5eae78fe1fa600caaa0349b5587032f825f4ec5d9da2e49928 | Triage

Submit
Reports

Overview

overview

Static

static

SHIPPING A...TS.exe

windows7-x64

SHIPPING A...TS.exe

windows10-2004-x64

Sharing

General

Target

2b9df84a652e40d4fdba0aecb502445b
Size

292KB
Sample

221018-x195xsdgar
MD5

2b9df84a652e40d4fdba0aecb502445b
SHA1

5031bebc984a8355d3a0faac2f29f5522cb77b27
SHA256

9e26e800b738ba5eae78fe1fa600caaa0349b5587032f825f4ec5d9da2e49928
SHA512

2abb6c7d4c132e4ac00055778c679a2c6e62e9ea9ae5217f19efc004106c6f23a586665412f89ce68044e014bf72890435dd4192612c1ccd469935dd771cb2a4
SSDEEP

6144:9e4pnOYQpUrdCMxN7K++EyNNktr7mPBqOVhl+9UekIob:c4pLdC7VXhP8ehl+We8

Score

10^/10

snakekeylogger collection keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

SHIPPING ADVICE DOCUMENTS.exe

Resource

win7-20220901-en

snakekeylogger collection keylogger stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

SHIPPING ADVICE DOCUMENTS.exe

Resource

win10v2004-20220812-en

snakekeylogger keylogger stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot5515611206:AAEcQSX8hXHOAxSYr8KUdLxGF5eqw4FRXoA/sendMessage?chat_id=1504449137

Targets

- Target
  
  SHIPPING ADVICE DOCUMENTS.exe
- Size
  
  283KB
- MD5
  
  a603a0b33ff50d3adfd91876cb4ecefe
- SHA1
  
  f17bb4f82bcf83fc468aace44fd7969e0d2c9a20
- SHA256
  
  12bb824400a388060ec52b7f66dcd99c12481f2936c57088c6b97427cc4b9e7c
- SHA512
  
  0e6a13a1c0afed0b8919b13fd1de8ecafad4c5a970b96d9faad41aaef34f5233b378c3cc2a43b47e9b8cfd9a6bebeef8b86633ee855563fcefdc8d7c8a4a1525
- SSDEEP
  
  6144:kKbho0Z3DqJHI7WsKmeNmIB/iLGmXbmmq58EG8pG776xG:kKbho0ZDqVIWpmfIExiaYG77
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy