snakekeylogger | e9faa5274584e032c139a819383b077635114e8d4fbf786e61fb0205698bfd94 | Triage

Submit
Reports

Overview

overview

Static

static

TT Balance...DF.exe

windows7-x64

TT Balance...DF.exe

windows10-2004-x64

Sharing

General

Target

TT Balance For USD 288,770_PDF.exe
Size

669KB
Sample

221231-ml4dqahd97
MD5

45c9b934e85fbf9d9e7fb28926c5071b
SHA1

69733a2f3acd5a62562de192fcc5b081317b535c
SHA256

e9faa5274584e032c139a819383b077635114e8d4fbf786e61fb0205698bfd94
SHA512

654573b7ea393763d6e6583f319e3ac7cc7e23675255f7ece407fdeaa46dfac6d6b0471ff33347f765c3b2042bbdb2854d8bde6667aa323f078b43c316fee9f4
SSDEEP

12288:qja7XaG82rpPGfseVwUkPMPNuDFZJEAULyM6+khuaDM:ca77Je1kPMPNuxz4yHh

Score

10^/10

snakekeylogger collection keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

TT Balance For USD 288,770_PDF.exe

Resource

win7-20221111-en

snakekeylogger collection keylogger stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

TT Balance For USD 288,770_PDF.exe

Resource

win10v2004-20220901-en

snakekeylogger collection keylogger stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
cp5ua.hyperhost.ua
Port:
587
Username:
[email protected]
Password:
7213575aceACE@#$
Email To:
[email protected]

Targets

- Target
  
  TT Balance For USD 288,770_PDF.exe
- Size
  
  669KB
- MD5
  
  45c9b934e85fbf9d9e7fb28926c5071b
- SHA1
  
  69733a2f3acd5a62562de192fcc5b081317b535c
- SHA256
  
  e9faa5274584e032c139a819383b077635114e8d4fbf786e61fb0205698bfd94
- SHA512
  
  654573b7ea393763d6e6583f319e3ac7cc7e23675255f7ece407fdeaa46dfac6d6b0471ff33347f765c3b2042bbdb2854d8bde6667aa323f078b43c316fee9f4
- SSDEEP
  
  12288:qja7XaG82rpPGfseVwUkPMPNuDFZJEAULyM6+khuaDM:ca77Je1kPMPNuxz4yHh
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerstealer

behavioral2

snakekeyloggercollectionkeyloggerstealer

© 2018-2024

Terms | Privacy