snakekeylogger | c80a05c35213b3be8658dd727ec315adb68be23328eb05bfcc12ad3a3017a421

General

Target

c80a05c35213b3be8658dd727ec315adb68be23328eb05bfcc12ad3a3017a421
Size

127KB
Sample

221225-pe1qcsef3t
MD5

c193b51e0fff10d76d6f94dc1fc50f14
SHA1

fe05e48e25033f42bc91ae47901d4db7f208e32c
SHA256

c80a05c35213b3be8658dd727ec315adb68be23328eb05bfcc12ad3a3017a421
SHA512

d46595c45ef8ead535b8d69e1950ae22064e498f89e8f40755bc50aca6e660807f066e548e33496b3499465260cc6fc326fe3bcc5cfdcb623f2fa64e5504aa29
SSDEEP

1536:J5H8taABwPDvKtcf+Ce+vBUFrlYYeakHcYCcCWPQZcMFXCccb/UffIxDpiOWBI83:J5H8Y0UHf+beaHcb8HIxtwBI8mFbY

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
universaleagles-ye.com
Port:
587
Username:
[email protected]
Password:
UEss@@202122

Targets

- Target
  
  c80a05c35213b3be8658dd727ec315adb68be23328eb05bfcc12ad3a3017a421
- Size
  
  127KB
- MD5
  
  c193b51e0fff10d76d6f94dc1fc50f14
- SHA1
  
  fe05e48e25033f42bc91ae47901d4db7f208e32c
- SHA256
  
  c80a05c35213b3be8658dd727ec315adb68be23328eb05bfcc12ad3a3017a421
- SHA512
  
  d46595c45ef8ead535b8d69e1950ae22064e498f89e8f40755bc50aca6e660807f066e548e33496b3499465260cc6fc326fe3bcc5cfdcb623f2fa64e5504aa29
- SSDEEP
  
  1536:J5H8taABwPDvKtcf+Ce+vBUFrlYYeakHcYCcCWPQZcMFXCccb/UffIxDpiOWBI83:J5H8Y0UHf+beaHcb8HIxtwBI8mFbY
Score

10^/10

snakekeylogger collection keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3

T1081

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2