snakekeylogger | e28909c004f094d21d333e507708ec6f5cd0cc78144b3f9ff01a053cbd443bea | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Sharing

General

Target

e28909c004f094d21d333e507708ec6f5cd0cc78144b3f9ff01a053cbd443bea
Size

154KB
Sample

230601-yk763agc38
MD5

cd7722e668bab8732008fc21cd5c54c8
SHA1

8975a70599cb30e8dbf6fd1e9494e2ff64773463
SHA256

e28909c004f094d21d333e507708ec6f5cd0cc78144b3f9ff01a053cbd443bea
SHA512

c14a6550cc68fe73b650c0772c567e84febeb3a7fc0c1d67a7f81bbd363e96ab3e16526557ab1d341af5e13c6de843945b1c4a33614a0dd9a38d4cd1021a0e7b
SSDEEP

3072:mv+9f2lFEuvThAoAimIzlSyM/bx9wFBvEZSin/Uh8wPC7wCuQo5bXOMGkUzllQEf:G+9fGuuvTLbmilSyIbx92EZ/C8wPCWQ3

Score

10^/10

snakekeylogger stormkitty collection keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

e28909c004f094d21d333e507708ec6f5cd0cc78144b3f9ff01a053cbd443bea.exe

Resource

win10v2004-20230220-en

snakekeylogger stormkitty collection keylogger stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot6184780923:AAHbCGrBU_2zg9A-73yTyKKCMGf1tkzUFbM/sendMessage?chat_id=759814203

Targets

- Target
  
  e28909c004f094d21d333e507708ec6f5cd0cc78144b3f9ff01a053cbd443bea
- Size
  
  154KB
- MD5
  
  cd7722e668bab8732008fc21cd5c54c8
- SHA1
  
  8975a70599cb30e8dbf6fd1e9494e2ff64773463
- SHA256
  
  e28909c004f094d21d333e507708ec6f5cd0cc78144b3f9ff01a053cbd443bea
- SHA512
  
  c14a6550cc68fe73b650c0772c567e84febeb3a7fc0c1d67a7f81bbd363e96ab3e16526557ab1d341af5e13c6de843945b1c4a33614a0dd9a38d4cd1021a0e7b
- SSDEEP
  
  3072:mv+9f2lFEuvThAoAimIzlSyM/bx9wFBvEZSin/Uh8wPC7wCuQo5bXOMGkUzllQEf:G+9fGuuvTLbmilSyIbx92EZ/C8wPCWQ3
Score

10^/10

snakekeylogger stormkitty collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

snakekeyloggerstormkittycollectionkeyloggerstealer

© 2018-2024

Terms | Privacy