snakekeylogger | 1223358fd47406217b3fde5b7eacab6ae5bff40a0c40fa4f5301f221ec7182d6 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

1223358fd47406217b3fde5b7eacab6ae5bff40a0c40fa4f5301f221ec7182d6
Size

751KB
Sample

221123-rtpyhshe42
MD5

878898eefac75a95b2c8ba7285a0ae88
SHA1

273297a0e0c5484ca145d9776a439e7474adcedc
SHA256

1223358fd47406217b3fde5b7eacab6ae5bff40a0c40fa4f5301f221ec7182d6
SHA512

48d87ecd2e0797024920d3ec8f7a88ba802370bb1d47ff7416b8611ba0e02ffb476f7130a3b5c451d5a88706db13c0d2b048a1fdde7c8f3200db1ff9fd8381d7
SSDEEP

12288:v07YsZ1DX/VDJtV7sWrXVJoQbL2XOMMtEtpJ7b4YQ/0GU:M7YkIWr3PndtmpyYQLU

Score

10^/10

snakekeylogger collection keylogger spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

1223358fd47406217b3fde5b7eacab6ae5bff40a0c40fa4f5301f221ec7182d6.exe

Resource

win10v2004-20220812-en

snakekeylogger collection keylogger spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
cp5ua.hyperhost.ua
Port:
587
Username:
[email protected]
Password:
7213575aceACE@#
Email To:
[email protected]

Targets

- Target
  
  1223358fd47406217b3fde5b7eacab6ae5bff40a0c40fa4f5301f221ec7182d6
- Size
  
  751KB
- MD5
  
  878898eefac75a95b2c8ba7285a0ae88
- SHA1
  
  273297a0e0c5484ca145d9776a439e7474adcedc
- SHA256
  
  1223358fd47406217b3fde5b7eacab6ae5bff40a0c40fa4f5301f221ec7182d6
- SHA512
  
  48d87ecd2e0797024920d3ec8f7a88ba802370bb1d47ff7416b8611ba0e02ffb476f7130a3b5c451d5a88706db13c0d2b048a1fdde7c8f3200db1ff9fd8381d7
- SSDEEP
  
  12288:v07YsZ1DX/VDJtV7sWrXVJoQbL2XOMMtEtpJ7b4YQ/0GU:M7YkIWr3PndtmpyYQLU
Score

10^/10

snakekeylogger collection keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerspywarestealer

© 2018-2024

Terms | Privacy