snakekeylogger | d2f683f8573debf656f41e4a53913c747d3699975e5ee04c7cac8a9b41587bfb

General

Target

ödeme kopyası.exe
Size

645KB
Sample

230302-nkz6cacc8s
MD5

6b0cd310489275fdbe09581682790b99
SHA1

fae5ab4d62fbe0e06c493423ea82d70f928853eb
SHA256

d2f683f8573debf656f41e4a53913c747d3699975e5ee04c7cac8a9b41587bfb
SHA512

5a6ac842465dd918eeaab7d31d86aeaa0cdd6c2e87641f0e0b13a3d48ff523c26964ed0e61268f776008ac3495febc2343f3b645f42263bb5b61bd003572e72b
SSDEEP

12288:OYCPOJq0bLW6PEKEFMHhkhpLzDtv0BLtQL21goNORLMz:OYCPOVWAEKwMsBDtMWR+KMz

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot5843567515:AAEdtJWwcJKNn64U81CKVdG-li_Ejds8raM/sendMessage?chat_id=1639214896

Targets

- Target
  
  ödeme kopyası.exe
- Size
  
  645KB
- MD5
  
  6b0cd310489275fdbe09581682790b99
- SHA1
  
  fae5ab4d62fbe0e06c493423ea82d70f928853eb
- SHA256
  
  d2f683f8573debf656f41e4a53913c747d3699975e5ee04c7cac8a9b41587bfb
- SHA512
  
  5a6ac842465dd918eeaab7d31d86aeaa0cdd6c2e87641f0e0b13a3d48ff523c26964ed0e61268f776008ac3495febc2343f3b645f42263bb5b61bd003572e72b
- SSDEEP
  
  12288:OYCPOJq0bLW6PEKEFMHhkhpLzDtv0BLtQL21goNORLMz:OYCPOVWAEKwMsBDtMWR+KMz
Score

10^/10

snakekeylogger collection keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3

T1081

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Executes dropped EXE

Loads dropped DLL

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2