snakekeylogger | 48e86244539459ac6321572a9163170c10e2c2f4c0ed13a974e569f13d8587b9 | Triage

Submit
Reports

Overview

overview

Static

static

REQUEST FOR QUOTE.exe

windows7-x64

REQUEST FOR QUOTE.exe

windows10-2004-x64

Sharing

General

Target

REQUEST FOR QUOTE.exe
Size

836KB
Sample

221020-mlhr1shfgm
MD5

0d965c09e78c8d3143d65f818ea94665
SHA1

833a6c5e2b247f7d343493ae55ee259e41dca1c4
SHA256

48e86244539459ac6321572a9163170c10e2c2f4c0ed13a974e569f13d8587b9
SHA512

e0bf9931f38862edffd4b089acfb93eb32311d5e9e5512917febd602edeb8cbaf9cc9853dd8f0770f0939394cc787c85bb36d43c9c1e8cb41674bdc7dea7b2c7
SSDEEP

12288:jLkIMvqV2fEuBk5HJ5UuVWVF/WnSZwIJD+yd48K5zA88E1ytyktf:vkI9NJGuVPSZwIJDRdrK5zAJE1+

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

REQUEST FOR QUOTE.exe

Resource

win7-20220901-en

snakekeylogger keylogger stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

REQUEST FOR QUOTE.exe

Resource

win10v2004-20220812-en

snakekeylogger keylogger stealer

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
qlRYaFn8
Email To:
[email protected]

Targets

- Target
  
  REQUEST FOR QUOTE.exe
- Size
  
  836KB
- MD5
  
  0d965c09e78c8d3143d65f818ea94665
- SHA1
  
  833a6c5e2b247f7d343493ae55ee259e41dca1c4
- SHA256
  
  48e86244539459ac6321572a9163170c10e2c2f4c0ed13a974e569f13d8587b9
- SHA512
  
  e0bf9931f38862edffd4b089acfb93eb32311d5e9e5512917febd602edeb8cbaf9cc9853dd8f0770f0939394cc787c85bb36d43c9c1e8cb41674bdc7dea7b2c7
- SSDEEP
  
  12288:jLkIMvqV2fEuBk5HJ5UuVWVF/WnSZwIJD+yd48K5zA88E1ytyktf:vkI9NJGuVPSZwIJDRdrK5zAJE1+
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy