snakekeylogger | 56256709f596532c266b723b263c3db71bb4b88d8051ade4fc83fc793b5f341e | Triage

Sharing

General

Target

SCH09876568009876-0900.pdf..z.zip
Size

590KB
Sample

231006-h6nfsahf8w
MD5

9964c6426dd7581f4e57cb2fc5af0ad1
SHA1

7787c2cb4fa86175858523c62ae78225e259994c
SHA256

56256709f596532c266b723b263c3db71bb4b88d8051ade4fc83fc793b5f341e
SHA512

3ae1a3920d6711859a8b5bc509ff9dad7c6ebe6afbd481add0872c91bdfd869c2c87afc21487d7514c1991ef3a0408121a1989d2edfa9d19d80de1e854116e5d
SSDEEP

12288:L4bFfk9j+gb+AG+Sw3hvHy8F1MqrwrSz8gjgQztHg7SASw34E7Msn:8ZfC6AUw3hvS8F1lgSAmgQ9gmTw34E7f

Score

10^/10

snakekeylogger collection keylogger stealer

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
posta.ni.net.tr
Port:
587
Username:
[email protected]
Password:
nilya1957
Email To:
[email protected]

Targets

- Target
  
  SCH09876568009876-0900.exe
- Size
  
  362KB
- MD5
  
  aa5a9b89face6a291cf9057d321bdbb9
- SHA1
  
  d32b056096e926d6ba6ed31acf144e31eee6aa0e
- SHA256
  
  3e6e127fca912f8729025ec259e391805ff42648fa75c34f9ccc6551cb7fba55
- SHA512
  
  21b1876cf85d48a7cc54df836dbc2266e48e57f9679f260159185d78770b93334f06e8def42729021ffb082d822acf6d3cdc7839c9be112df9f31ee6b765f169
- SSDEEP
  
  6144:r0nJBIKD2SJMz2dR8rZNlvzd4o6adHT3+lo2iUSe7Ye8i9Sw3Kc50RxTlSdk6ces:MJfD2S+nRd4CHCTi/hetSw3juPek6ce5
Score

10^/10

snakekeylogger keylogger stealer collection
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  SCH09876568009876-098.exe
- Size
  
  356KB
- MD5
  
  a9d79ca8143f17ee3d17596b500676c2
- SHA1
  
  737af7ca98ab36041889940a3468f690549448be
- SHA256
  
  765daa6202872b486382897bb06f4e17522fc29173677ea38e6e3451c5fb5d3e
- SHA512
  
  f66cd53aa1d123b8ddf8e02e291d9cb08e43fed2d0b107be328799e55f33a4383b7715d50e6b89dbea0d08f9560232d579ee2f4ad4082d43645e2c7bc05f1c16
- SSDEEP
  
  6144:L0nJBIKD2SJMz2dR8rZNlvzB0CCadHT3+lo2iUSe7Ye8i9Sw3Kc50RxTlSdk6ce4:sJfD2S+nRBl/HCTi/hetSw3juPek6ceV
Score

10^/10

snakekeylogger keylogger stealer collection
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggercollectionkeyloggerstealer

behavioral3

snakekeyloggerkeyloggerstealer

behavioral4

snakekeyloggercollectionkeyloggerstealer