snakekeylogger | 2cb7c9dc87cd618a4a307a8f7a054fc0acbb375e0dc2b3d041e5f5b9f138b601

General

Target

49129798708280181c06bfbad.exe
Size

839KB
Sample

230709-sazt2seb9v
MD5

49129798708280181c06bfbad2588dc4
SHA1

616afee4d532afe61d2b17734070c991b748d3e1
SHA256

2cb7c9dc87cd618a4a307a8f7a054fc0acbb375e0dc2b3d041e5f5b9f138b601
SHA512

6fe7a77b828d24f8994700295731239a1712e64ada072066227bf74c6cd1806c905b8048a0c1a5a7367c6426c780a04764efb56fb3c02504c87b61bd2c9c5c52
SSDEEP

12288:paTVhXmdHpTWByppgEWLJ0cd5qWXPO6s/bT:UpOpTWBy8J0cDqWATT

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot5825732293:AAE2qhbUfQUbm_3BbERMH_NFkrA1EHCGaiA/sendMessage?chat_id=6085461303

Targets

- Target
  
  49129798708280181c06bfbad.exe
- Size
  
  839KB
- MD5
  
  49129798708280181c06bfbad2588dc4
- SHA1
  
  616afee4d532afe61d2b17734070c991b748d3e1
- SHA256
  
  2cb7c9dc87cd618a4a307a8f7a054fc0acbb375e0dc2b3d041e5f5b9f138b601
- SHA512
  
  6fe7a77b828d24f8994700295731239a1712e64ada072066227bf74c6cd1806c905b8048a0c1a5a7367c6426c780a04764efb56fb3c02504c87b61bd2c9c5c52
- SSDEEP
  
  12288:paTVhXmdHpTWByppgEWLJ0cd5qWXPO6s/bT:UpOpTWBy8J0cDqWATT
Score

10^/10

snakekeylogger collection keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2

T1081

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2