snakekeylogger | cb7556e08e424f6f324f59d32d473d3ce8efbd462f2b8f7448e4832ffefd7bf7

General

Target

ekstre.pdf.exe
Size

973KB
Sample

230605-gj57msfa64
MD5

8f5b7d816bf02f0b212490cd37964d68
SHA1

27dbabd4a24a7aba91cfbf9c3bbc8547274b629a
SHA256

cb7556e08e424f6f324f59d32d473d3ce8efbd462f2b8f7448e4832ffefd7bf7
SHA512

75c6e1cdd1f30bad18ef70cc0eb39277e648dcacefedf40ed2d8143c365a4d82d8b336ba117f4060406017666faae428dca68ee4d3116075be454043e13f6b5b
SSDEEP

12288:m/ay9LAd0YKC902ncOXYeWvius6IEkmqxy:xl9j3XJYnsLmMy

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot5990689485:AAF2-uAQqkGmyMf-HkQ_5G1q8B9Ce_oT6o0/sendMessage?chat_id=5726609491

Targets

- Target
  
  ekstre.pdf.exe
- Size
  
  973KB
- MD5
  
  8f5b7d816bf02f0b212490cd37964d68
- SHA1
  
  27dbabd4a24a7aba91cfbf9c3bbc8547274b629a
- SHA256
  
  cb7556e08e424f6f324f59d32d473d3ce8efbd462f2b8f7448e4832ffefd7bf7
- SHA512
  
  75c6e1cdd1f30bad18ef70cc0eb39277e648dcacefedf40ed2d8143c365a4d82d8b336ba117f4060406017666faae428dca68ee4d3116075be454043e13f6b5b
- SSDEEP
  
  12288:m/ay9LAd0YKC902ncOXYeWvius6IEkmqxy:xl9j3XJYnsLmMy
Score

10^/10

snakekeylogger collection keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3

T1081

Discovery

Lateral Movement

Collection

Data from Local System

3

T1005

Email Collection

1

T1114

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Reads data files stored by FTP clients

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2