snakekeylogger | 1159798d7b0504960fd5b45cf68a8589c9b3d28e56b372a93195dd009cc45f55 | Triage

Submit
Reports

Overview

overview

Static

static

3

Pjlbwitnky.exe

windows7-x64

Pjlbwitnky.exe

windows10-2004-x64

Resubmissions

05-06-2023 14:15

230605-rkwdyaha54 10

Sharing

General

Target

Pjlbwitnky.exe
Size

30KB
Sample

230605-rkwdyaha54
MD5

2dcabf443b7d1abcc0c2de16ecec90bc
SHA1

e82d2533f5f7f64f0d15960dcbbf9b5b30d585c2
SHA256

1159798d7b0504960fd5b45cf68a8589c9b3d28e56b372a93195dd009cc45f55
SHA512

638e4986489be8a850b2991874249995764885232a344be34c2655f79aeb5aff58f674b87d8dc64afd3d9e4992f1843cc2938e493055ac391e387ea181a5dfb8
SSDEEP

384:Yt+fcBiL2sQvTNfqMLoLb7HE3/Afi7B02PZpBvgOeHItoUtPx+0HYX:YtJerY7cb7HEvAfS/PZp92fOp+3X

Score

10^/10

snakekeylogger collection keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Pjlbwitnky.exe

Resource

win7-20230220-en

snakekeylogger collection keylogger stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

Pjlbwitnky.exe

Resource

win10v2004-20230220-en

snakekeylogger collection keylogger stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot5996089921:AAFFEnbgTY8Gt8G5jJy6llKhDg_Ha193t7c/sendMessage?chat_id=2054148913

Targets

- Target
  
  Pjlbwitnky.exe
- Size
  
  30KB
- MD5
  
  2dcabf443b7d1abcc0c2de16ecec90bc
- SHA1
  
  e82d2533f5f7f64f0d15960dcbbf9b5b30d585c2
- SHA256
  
  1159798d7b0504960fd5b45cf68a8589c9b3d28e56b372a93195dd009cc45f55
- SHA512
  
  638e4986489be8a850b2991874249995764885232a344be34c2655f79aeb5aff58f674b87d8dc64afd3d9e4992f1843cc2938e493055ac391e387ea181a5dfb8
- SSDEEP
  
  384:Yt+fcBiL2sQvTNfqMLoLb7HE3/Afi7B02PZpBvgOeHItoUtPx+0HYX:YtJerY7cb7HEvAfS/PZp92fOp+3X
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerstealer

behavioral2

snakekeyloggercollectionkeyloggerstealer

© 2018-2024

Terms | Privacy