snakekeylogger | 915bf45c516f6cf10dec4441b47efb8ce11bd3db44569521e98912fe7d839f99 | Triage

Submit
Reports

Overview

overview

Static

static

915bf45c51...99.exe

windows7-x64

915bf45c51...99.exe

windows10-2004-x64

Sharing

General

Target

915bf45c516f6cf10dec4441b47efb8ce11bd3db44569521e98912fe7d839f99
Size

497KB
Sample

221125-kg2m8adh85
MD5

7dd5da0fe50d0c14b4bd2f4ae265e34e
SHA1

82f5595d0c3d61c80eba41e9da640b8e7d7d7ca2
SHA256

915bf45c516f6cf10dec4441b47efb8ce11bd3db44569521e98912fe7d839f99
SHA512

09c0438b0fab4c6a81781b0099101815d4f3403f412bc726107980b58d16230c273a4e8202c39f9d2f4f2b689322d1daa352088cf8b5c3f86fb56b0d4a098ae7
SSDEEP

6144:oSDMpra6/Ri8nfqYo7Xxp9WGQeg8bhI5PPL14:Kp1Ji8fRyB7WE2L1

Score

10^/10

snakekeylogger collection keylogger spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

915bf45c516f6cf10dec4441b47efb8ce11bd3db44569521e98912fe7d839f99.exe

Resource

win7-20220812-en

snakekeylogger collection keylogger spyware stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

915bf45c516f6cf10dec4441b47efb8ce11bd3db44569521e98912fe7d839f99.exe

Resource

win10v2004-20220901-en

snakekeylogger collection keylogger spyware stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot1335107831:AAGZPoo67JukV78LJI16BeQqy3whx-zI59g/sendMessage?chat_id=1294593001

Targets

- Target
  
  915bf45c516f6cf10dec4441b47efb8ce11bd3db44569521e98912fe7d839f99
- Size
  
  497KB
- MD5
  
  7dd5da0fe50d0c14b4bd2f4ae265e34e
- SHA1
  
  82f5595d0c3d61c80eba41e9da640b8e7d7d7ca2
- SHA256
  
  915bf45c516f6cf10dec4441b47efb8ce11bd3db44569521e98912fe7d839f99
- SHA512
  
  09c0438b0fab4c6a81781b0099101815d4f3403f412bc726107980b58d16230c273a4e8202c39f9d2f4f2b689322d1daa352088cf8b5c3f86fb56b0d4a098ae7
- SSDEEP
  
  6144:oSDMpra6/Ri8nfqYo7Xxp9WGQeg8bhI5PPL14:Kp1Ji8fRyB7WE2L1
Score

10^/10

snakekeylogger collection keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerspywarestealer

behavioral2

snakekeyloggercollectionkeyloggerspywarestealer

© 2018-2024

Terms | Privacy