snakekeylogger | e0b666fbc8a990384a6c28a2a08f0cca3c7d2dfa3914b0f19f0674a22961e65e

General

Target

e7150df51b706a52e607fc812ff8c9febddbca6adebefb931564051e48ab9162.zip
Size

268KB
Sample

230321-r1nzssbc59
MD5

2b9be664a5ce5f679258955084f964f1
SHA1

8e0e9252c96deefa6f938204d28c5c2e59dff181
SHA256

e0b666fbc8a990384a6c28a2a08f0cca3c7d2dfa3914b0f19f0674a22961e65e
SHA512

25d020bf031a45c3f50b2a1eaa5bf4e3187b803d3457045cd46a16e698667c2f67d7e57f8133f01a91c7e35ea1a1b1ecce22e05a30bf418a4405197a566c013f
SSDEEP

6144:xp5zQrJa9r+zDGPDjmEfzFMiBzBxyHxtw3Va6KhW4:jAbSf1BSRto/KJ

Score

10^/10

Malware Config

Targets

- Target
  
  e7150df51b706a52e607fc812ff8c9febddbca6adebefb931564051e48ab9162.exe
- Size
  
  423KB
- MD5
  
  a87d9e4cb8aa432c11d9e1f8387a35b0
- SHA1
  
  c8be7a2aecc9da9c32da193ddfec1b7d214bd2aa
- SHA256
  
  e7150df51b706a52e607fc812ff8c9febddbca6adebefb931564051e48ab9162
- SHA512
  
  648496ead90860de77f459f465f0b8b458a2011af848ab2e839f98044fd2fad20ea706fd362c0ea9d2b6293d07e80004d1a02f375506ec7a161b7f30d5e1027f
- SSDEEP
  
  6144:uYa6nXV3lsHzOilB8qZkbaIQsGCsCti5RuvEmOFxYFw+rc7pJz:uYlRls1lB8qGeIIHzusFkc7Tz
Score

10^/10

snakekeylogger collection keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3

T1081

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Snake Keylogger

Snake Keylogger payload

Executes dropped EXE

Loads dropped DLL

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2