snakekeylogger | eb129d9324fffc4f901285201177387057e3d6c8f34e93aab8b08eee5b44dcb9 | Triage

Sharing

General

Target

dekontMPS20231003.exe
Size

420KB
Sample

231003-wzr3aagg24
MD5

fdc10b0a79f5e2d47f81c4f81ad4ac07
SHA1

1a9b020fe2e21e9ab341643c8f9e96bd8a5da095
SHA256

eb129d9324fffc4f901285201177387057e3d6c8f34e93aab8b08eee5b44dcb9
SHA512

f0c76eea93c0e23cab41f63b4f7fcae895373134933c6755c56dd6d0d0c14c953b5f0725391dfb392ff22988deeacb5a194e50ac5a87428563367fecd883918b
SSDEEP

12288:vQ/VsmwXLT+jUl+cQMFY523fXbfqfc/3ubyMN:4/VsdXLKjUl+cQMFYU3fXbf2c/3J

Score

10^/10

snakekeylogger collection keylogger persistence spyware stealer

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot6559576673:AAE6veQ5mMCrHEUknXuYdCi8fCjm4p3sg-0/sendMessage?chat_id=1467583453

Targets

- Target
  
  dekontMPS20231003.exe
- Size
  
  420KB
- MD5
  
  fdc10b0a79f5e2d47f81c4f81ad4ac07
- SHA1
  
  1a9b020fe2e21e9ab341643c8f9e96bd8a5da095
- SHA256
  
  eb129d9324fffc4f901285201177387057e3d6c8f34e93aab8b08eee5b44dcb9
- SHA512
  
  f0c76eea93c0e23cab41f63b4f7fcae895373134933c6755c56dd6d0d0c14c953b5f0725391dfb392ff22988deeacb5a194e50ac5a87428563367fecd883918b
- SSDEEP
  
  12288:vQ/VsmwXLT+jUl+cQMFY523fXbfqfc/3ubyMN:4/VsdXLKjUl+cQMFYU3fXbf2c/3J
Score

10^/10

snakekeylogger collection keylogger persistence spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

snakekeyloggercollectionkeyloggerpersistencespywarestealer