snakekeylogger | 60cc2470b3941fd1e6020904750d3f030ac65a70670c722dcc241506224d146a | Triage

Submit
Reports

Overview

overview

Static

static

1

3aZnim03YZoCOjB.exe

windows7-x64

3aZnim03YZoCOjB.exe

windows10-2004-x64

Sharing

General

Target

3aZnim03YZoCOjB.exe
Size

871KB
Sample

230215-qwsxhsbf8t
MD5

dd99bf6787f2edec1f03cee0918428c8
SHA1

571bd427299e33dc4c47b3a6e8c0af4dcbfef0af
SHA256

60cc2470b3941fd1e6020904750d3f030ac65a70670c722dcc241506224d146a
SHA512

cd60f794eccff1412ce2c97fcbd0bd66adb560e443ae2ada2705912e52d7cdbf4c264c75d29b41085e71c62252172240def3f2f7a110b414b766d7c31e3e6c7f
SSDEEP

12288:epY5dB23bB2gB2iNdt3fex00iXpiNInLHIJZegguQnMlGWz:epY5dIV2K1nt3f9xcCWz

Score

10^/10

snakekeylogger collection keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

3aZnim03YZoCOjB.exe

Resource

win7-20220812-en

snakekeylogger collection keylogger stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

3aZnim03YZoCOjB.exe

Resource

win10v2004-20221111-en

snakekeylogger collection keylogger stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot6153811580:AAFDLNZoT-HelPNUs1JOyE22nWD-iLH7QKY/sendMessage?chat_id=5582419717

Targets

- Target
  
  3aZnim03YZoCOjB.exe
- Size
  
  871KB
- MD5
  
  dd99bf6787f2edec1f03cee0918428c8
- SHA1
  
  571bd427299e33dc4c47b3a6e8c0af4dcbfef0af
- SHA256
  
  60cc2470b3941fd1e6020904750d3f030ac65a70670c722dcc241506224d146a
- SHA512
  
  cd60f794eccff1412ce2c97fcbd0bd66adb560e443ae2ada2705912e52d7cdbf4c264c75d29b41085e71c62252172240def3f2f7a110b414b766d7c31e3e6c7f
- SSDEEP
  
  12288:epY5dB23bB2gB2iNdt3fex00iXpiNInLHIJZegguQnMlGWz:epY5dIV2K1nt3f9xcCWz
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerstealer

behavioral2

snakekeyloggercollectionkeyloggerstealer

© 2018-2024

Terms | Privacy