snakekeylogger | 1c4551aa02efa75273b0243bdf8c3e5a10ddb8e8be2e7d513942ade0115011fc

General

Target

PO12052023.exe
Size

442KB
Sample

230513-gw1spaff42
MD5

cdb42137bf2343f39d1e65c5df1e6cba
SHA1

06b68d0b76988ccab1549f179afcdada4bfad092
SHA256

1c4551aa02efa75273b0243bdf8c3e5a10ddb8e8be2e7d513942ade0115011fc
SHA512

378ae4c0e233a74bc16c3ab039096d6b1a30952586c36a7c9e27c390749c4f3f5d5f9b171e2f55bb7458be4fb006d70c08dd233200bce7833e263e5ad8a7c5f2
SSDEEP

6144:R4sL+t1QILLCeLsWgn+vO6rZQ+yn1apMc40AvnhAp081nNVjqKoe:inxs9n+vO6VQ+e1apMcOv6nnjqKoe

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot6296181609:AAGAOhYH-dkTEQqHw-rWHbkpGOeR4Z7OA18/sendMessage?chat_id=1760125104

Targets

- Target
  
  PO12052023.exe
- Size
  
  442KB
- MD5
  
  cdb42137bf2343f39d1e65c5df1e6cba
- SHA1
  
  06b68d0b76988ccab1549f179afcdada4bfad092
- SHA256
  
  1c4551aa02efa75273b0243bdf8c3e5a10ddb8e8be2e7d513942ade0115011fc
- SHA512
  
  378ae4c0e233a74bc16c3ab039096d6b1a30952586c36a7c9e27c390749c4f3f5d5f9b171e2f55bb7458be4fb006d70c08dd233200bce7833e263e5ad8a7c5f2
- SSDEEP
  
  6144:R4sL+t1QILLCeLsWgn+vO6rZQ+yn1apMc40AvnhAp081nNVjqKoe:inxs9n+vO6VQ+e1apMcOv6nnjqKoe
Score

10^/10

snakekeylogger collection keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2

T1081

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2