snakekeylogger | 7f3df0f4aa532153b7834e8838687eab2c086b9c649c8c0a348e60b8aa6e9b40 | Triage

Submit
Reports

Overview

overview

Static

static

3

6076d3956e...e8.exe

windows7-x64

6076d3956e...e8.exe

windows10-2004-x64

Sharing

General

Target

098024da9b3784a0b27f64db4f2a2f36.bin
Size

901KB
Sample

230605-lxhqqagc61
MD5

6ff0842d939354c8f3702a5d2e168619
SHA1

6eddb58c135cc172213c05418ec7d87d25023c42
SHA256

7f3df0f4aa532153b7834e8838687eab2c086b9c649c8c0a348e60b8aa6e9b40
SHA512

d58853aba8409f35c6313471ee0e72c9bc92a48ec474b1a090f53cf7be41030b9d3a9d54d84520ddfbf3ee48b1bea0ea7e549adbe0030e67689c9ddeaa07775f
SSDEEP

12288:o0nwICm+Xri1hSAkPO3Yg7J5gxIZodZSBcAnodgjUndrBsdISGEwUW2f4ER:twIS0SAkUtJKx3HSmhn+tXJ

Score

10^/10

snakekeylogger collection keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

6076d3956e79dc8752564da23a3dfa0100509b647128e82552bd234e5fa61ae8.exe

Resource

win7-20230220-en

snakekeylogger collection keylogger stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

6076d3956e79dc8752564da23a3dfa0100509b647128e82552bd234e5fa61ae8.exe

Resource

win10v2004-20230220-en

snakekeylogger collection keylogger stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
smtp.gmail.com
Port:
25
Username:
triihope931@gmail.com
Password:
iebtzpacgzyullvo

Targets

- Target
  
  6076d3956e79dc8752564da23a3dfa0100509b647128e82552bd234e5fa61ae8.exe
- Size
  
  1014KB
- MD5
  
  098024da9b3784a0b27f64db4f2a2f36
- SHA1
  
  93fae08652dcc71457988ac2f9726963974a40d4
- SHA256
  
  6076d3956e79dc8752564da23a3dfa0100509b647128e82552bd234e5fa61ae8
- SHA512
  
  0a6a9418c99583b46290a725bd7ccabc0995eb8f5a948835905fea5efd516f0801a4c3c48ed74afcc874a709106c09871c46066280dfcafd669ca3d8d1f07f65
- SSDEEP
  
  24576:wF2/4lUw/FGjVKfW5BMqUE53nTOHh1NLof7G7:wF2/ei0WAdwqHh1N0TG
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerstealer

behavioral2

snakekeyloggercollectionkeyloggerstealer

© 2018-2024

Terms | Privacy