snakekeylogger | 7279b9c2a8cd5c76ff1b1a1cd3d9d0a0abcbc554ecebaa6c713f087bcd755c56

General

Target

c55b05f72666b00a2153c92628979f2a.bin
Size

45KB
Sample

230611-ccq2xsha7z
MD5

4f8a8da1ced654572d65eca298b45f6e
SHA1

66b5b51aca67487604eb46c504482d2727d6c618
SHA256

7279b9c2a8cd5c76ff1b1a1cd3d9d0a0abcbc554ecebaa6c713f087bcd755c56
SHA512

fb1089e3844d4df3cce2810961a27ff50b495bf87866a7c34a4e1640fe95a4341b3dcadb36c68a09de87b3f7d1236bb35059cb3e8fd7a07f3b6579f2487292c1
SSDEEP

768:st87d8+GYksiOJHv0Zm0b82g9LNBO+UpNyrNLwGhrFc9G7VhlNYm6s:b7d8cJJcZENBhUpNy5hF7bf

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot5945022662:AAH3tNDq2H4t2_2yAxq__TOQa3RMNliwRjM/sendMessage?chat_id=6147569474

Targets

- Target
  
  e7d13ec9ec5f7941487d13791dae5640ebac867970f1b855d812798032f91720.exe
- Size
  
  127KB
- MD5
  
  c55b05f72666b00a2153c92628979f2a
- SHA1
  
  d0419e3feb4215c08ab82853e6474f9b108438e3
- SHA256
  
  e7d13ec9ec5f7941487d13791dae5640ebac867970f1b855d812798032f91720
- SHA512
  
  a29026b90575b9bc62bd52aea64d74d18ffb100db0662335d520393f1ffe0f76fb635b67f0b4605fc35815ad76badc420a8786d5b7d07185f0b74ba7ea27ddd8
- SSDEEP
  
  3072:qOOYz2BVPhpxCsyYAbb7ZwHwBWjTWgbY:7ziG5buT3b
Score

10^/10

snakekeylogger collection keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2

T1081

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2