snakekeylogger | 1fb43908b0157aa47ec23ef11933db3e5f72cc93ad76d5b3e33289c2ebb21fe8 | Triage

Submit
Reports

Overview

overview

Static

static

1

3108a3fcb4...4d.exe

windows7-x64

3108a3fcb4...4d.exe

windows10-2004-x64

Sharing

General

Target

44d5b7f05eaf67f8c48e6ee5f4ac5b10.bin
Size

554KB
Sample

230328-bvdc4sab3t
MD5

1b0d3e0a2122b11906e263684402884c
SHA1

3773582f53340019bf09c7e29674ff7a7c7f8a26
SHA256

1fb43908b0157aa47ec23ef11933db3e5f72cc93ad76d5b3e33289c2ebb21fe8
SHA512

84f68f36f60b1408a908c704251d8956d11939091866f97037d162a958d91dc568342c435444087ab317bbbb62015a930bc81dfa9519f9a6e0927d75dfac12ad
SSDEEP

12288:T9098igYTsA/BKUnKh1cw9dXiTrB8S1xbM1OYTUcXnMmkwSg:Z03gwxsUnKzFXiT9h15DYXnjz

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

3108a3fcb44794c0d76370e03236aeaed5883eab03bf13c80aa421a2b7a77c4d.exe

Resource

win7-20230220-en

snakekeylogger keylogger stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

3108a3fcb44794c0d76370e03236aeaed5883eab03bf13c80aa421a2b7a77c4d.exe

Resource

win10v2004-20230220-en

snakekeylogger keylogger stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
apostle@cdhrmatel.com
Password:
aMfYdLX3
Email To:
apostle@cdhrmatel.com

Targets

- Target
  
  3108a3fcb44794c0d76370e03236aeaed5883eab03bf13c80aa421a2b7a77c4d.exe
- Size
  
  1.1MB
- MD5
  
  44d5b7f05eaf67f8c48e6ee5f4ac5b10
- SHA1
  
  97c66412a2c0d4928ce8b9c95475e3b3a4074e76
- SHA256
  
  3108a3fcb44794c0d76370e03236aeaed5883eab03bf13c80aa421a2b7a77c4d
- SHA512
  
  f117628688d426ac2e85ba98aa431d9806a190211a851195de9cdb1cb3c0e291b3b9429bd8d5edc1ee020cc352792f537d0fa6497fab271064405393da80cd6a
- SSDEEP
  
  12288:8y1Q2ngMtm9+0CSi1a/7rEw7G/1Gjdues5j38eFp5bo0+4g58UTVaOJj5BSo4iVo:Eu5LauGgB6Wj1+CyCQgl
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy