snakekeylogger | 5d63464bad9316f6dea4ffbe71989d50626f8b209305a34a1db87e5e0c6d7dac | Triage

Submit
Reports

Overview

overview

Static

static

3

77c8dfbd11...40.exe

windows7-x64

77c8dfbd11...40.exe

windows10-2004-x64

Sharing

General

Target

77c8dfbd11944592367783ec9a9f0e40.exe
Size

525KB
Sample

230610-l3qzaaef32
MD5

77c8dfbd11944592367783ec9a9f0e40
SHA1

503fbea540adbb8822ee8231f672828b77a09d47
SHA256

5d63464bad9316f6dea4ffbe71989d50626f8b209305a34a1db87e5e0c6d7dac
SHA512

e5afe43ace447b18fc1809d4719a1a6c53b22c61278d6bb6e0b529ebd1f4925895e99eff974768c7a7c8ec36cba3e48f487704ebf64979055e52083953a9ab82
SSDEEP

12288:p39P4Nd4c6Y3+hzEeuzWaH46noaSO0V9J:19P4Ndr6/hzEeuzWaH4uTSOG

Score

10^/10

snakekeylogger stormkitty collection keylogger spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

77c8dfbd11944592367783ec9a9f0e40.exe

Resource

win7-20230220-en

snakekeylogger stormkitty collection keylogger spyware stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

77c8dfbd11944592367783ec9a9f0e40.exe

Resource

win10v2004-20230221-en

snakekeylogger stormkitty collection keylogger spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot6215194475:AAG0v9XHc1z7f3mGswGN6a7WHknQv8IgUJg/sendMessage?chat_id=1467583453

Targets

- Target
  
  77c8dfbd11944592367783ec9a9f0e40.exe
- Size
  
  525KB
- MD5
  
  77c8dfbd11944592367783ec9a9f0e40
- SHA1
  
  503fbea540adbb8822ee8231f672828b77a09d47
- SHA256
  
  5d63464bad9316f6dea4ffbe71989d50626f8b209305a34a1db87e5e0c6d7dac
- SHA512
  
  e5afe43ace447b18fc1809d4719a1a6c53b22c61278d6bb6e0b529ebd1f4925895e99eff974768c7a7c8ec36cba3e48f487704ebf64979055e52083953a9ab82
- SSDEEP
  
  12288:p39P4Nd4c6Y3+hzEeuzWaH46noaSO0V9J:19P4Ndr6/hzEeuzWaH4uTSOG
Score

10^/10

snakekeylogger stormkitty collection keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

snakekeyloggerstormkittycollectionkeyloggerspywarestealer

behavioral2

snakekeyloggerstormkittycollectionkeyloggerspywarestealer

© 2018-2024

Terms | Privacy