snakekeylogger | 9015e2b95bf96a0a2302575abbe9f4130bd2adcb5689ed679c21b807a7064f72 | Triage

Submit
Reports

Overview

overview

Static

static

3

b2e76f7da4...12.exe

windows7-x64

b2e76f7da4...12.exe

windows10-2004-x64

Sharing

General

Target

c618ea88580dc6cf97c2fee2cd8d8bc5.bin
Size

1.3MB
Sample

230605-ps1yaagf29
MD5

d400e180d542f8e285615a00e1d47759
SHA1

166a5ff486fac72c4e98f34dec0040e7d29d522e
SHA256

9015e2b95bf96a0a2302575abbe9f4130bd2adcb5689ed679c21b807a7064f72
SHA512

8d0db5012d8f97641a24c60b514f97f316eb4614bc0caef2382f6ce50611adf127bf2615996db2d33f9d926284f7531e452f3d3809f1cafb060f9d4078de5086
SSDEEP

24576:biZT8UlUruAak4YhPmHw+dWu7oPR7JVV0mmNYS53Zx6y0eKXdEh:bhUFYhp+/7oVV0mmNJJZx6yjKqh

Score

10^/10

snakekeylogger stormkitty collection keylogger persistence spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b2e76f7da4513cd15aa3846c9a40fa3cb20c60635befebef6efe543f16079912.exe

Resource

win7-20230220-en

snakekeylogger stormkitty collection keylogger persistence spyware stealer

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

b2e76f7da4513cd15aa3846c9a40fa3cb20c60635befebef6efe543f16079912.exe

Resource

win10v2004-20230221-en

snakekeylogger stormkitty collection keylogger persistence spyware stealer

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot5553654095:AAFY7fGm3A2NSyoJOWhzq_VfL3zRwqCo4Ow/sendMessage?chat_id=6183982484

Targets

- Target
  
  b2e76f7da4513cd15aa3846c9a40fa3cb20c60635befebef6efe543f16079912.exe
- Size
  
  1.4MB
- MD5
  
  c618ea88580dc6cf97c2fee2cd8d8bc5
- SHA1
  
  f995cadb36e461cee8c47fecc1c3efba8943c6da
- SHA256
  
  b2e76f7da4513cd15aa3846c9a40fa3cb20c60635befebef6efe543f16079912
- SHA512
  
  8af32d570a66d4869e3dbfe939ba6b15ec57392e1c433274670a85fda144953db9c17a3d1958b63beaa2b2f3069c6b6f16284f8709bfb6b89b65c12f9e965372
- SSDEEP
  
  24576:lTbBv5rUFcDYfTPmHkhj63zSBsPMQQO6ZNqmSEF9SvXeMi0j8x+B5A4d7UGOQ8OR:PBHuTOHkl6jCsPMQQZcmSvXeMdj8xyxl
Score

10^/10

snakekeylogger stormkitty collection keylogger persistence spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

snakekeyloggerstormkittycollectionkeyloggerpersistencespywarestealer

behavioral2

snakekeyloggerstormkittycollectionkeyloggerpersistencespywarestealer

© 2018-2024

Terms | Privacy