snakekeylogger | 6fa45e57a0c10b280baeef2d8a446499a2fd29f5745535cb8f7e0c0d51852009

General

Target

Confirmación de recibo de transferencia.exe
Size

621KB
Sample

230424-rneklacc83
MD5

34aad4cf4e2eaff477944be25df41837
SHA1

ed808f2f8b9634e8a513401122ad8b03152742b5
SHA256

6fa45e57a0c10b280baeef2d8a446499a2fd29f5745535cb8f7e0c0d51852009
SHA512

136f30226265ad4e1d73cf67c10ba9f035409222cb64fa06d68d71d2fdd9e362128902fdbbbfe01510004e29e37ab1819ca61f7777f0946a6cd9df8dfc71c0c5
SSDEEP

12288:buFqUvdP5Kq/XpKQKr2fjJswmvTPVj9Y/:bpUvKq/pKx2fjmwETt9

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.condominioaocubo.pt
Port:
587
Username:
[email protected]
Password:
Qualidade.c3.2018

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.condominioaocubo.pt
Port:
587
Username:
[email protected]
Password:
Qualidade.c3.2018
Email To:
[email protected]

Targets

- Target
  
  Confirmación de recibo de transferencia.exe
- Size
  
  621KB
- MD5
  
  34aad4cf4e2eaff477944be25df41837
- SHA1
  
  ed808f2f8b9634e8a513401122ad8b03152742b5
- SHA256
  
  6fa45e57a0c10b280baeef2d8a446499a2fd29f5745535cb8f7e0c0d51852009
- SHA512
  
  136f30226265ad4e1d73cf67c10ba9f035409222cb64fa06d68d71d2fdd9e362128902fdbbbfe01510004e29e37ab1819ca61f7777f0946a6cd9df8dfc71c0c5
- SSDEEP
  
  12288:buFqUvdP5Kq/XpKQKr2fjJswmvTPVj9Y/:bpUvKq/pKx2fjmwETt9
Score

10^/10

snakekeylogger stormkitty collection keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

StormKitty

StormKitty payload

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2