snakekeylogger | c671eea6e5c27b900aa96f1bea1f0dab359f175d149047adfa0e4aca83fac6f3

General

Target

AAD098656780.exe
Size

364KB
Sample

231009-f6kzjsaf6y
MD5

d42a5ffaa8adf709411fd8f90206f603
SHA1

e045a3ce2ea6415dec7b1e0280e4b5bd58ff70dc
SHA256

c671eea6e5c27b900aa96f1bea1f0dab359f175d149047adfa0e4aca83fac6f3
SHA512

eac6e5863f546caeaebceff1cf849b7a0c2068d4aa4a7399437a91588952bf79f29fab2400b524871b9dece0dcd986ef86db77b0a0a4d84ce88fdc118bf2d88d
SSDEEP

6144:j0nHBIKD2SJMzodRpUZNFvz6agXHW+RbQn18DDuY/NXOcwPFUPdk6ceh9X3P960G:UHfD2S+j56Jmub0aDuYlXOcwPS1k6ceN

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
posta.ni.net.tr
Port:
587
Username:
[email protected]
Password:
nilya1957
Email To:
[email protected]

Targets

- Target
  
  AAD098656780.exe
- Size
  
  364KB
- MD5
  
  d42a5ffaa8adf709411fd8f90206f603
- SHA1
  
  e045a3ce2ea6415dec7b1e0280e4b5bd58ff70dc
- SHA256
  
  c671eea6e5c27b900aa96f1bea1f0dab359f175d149047adfa0e4aca83fac6f3
- SHA512
  
  eac6e5863f546caeaebceff1cf849b7a0c2068d4aa4a7399437a91588952bf79f29fab2400b524871b9dece0dcd986ef86db77b0a0a4d84ce88fdc118bf2d88d
- SSDEEP
  
  6144:j0nHBIKD2SJMzodRpUZNFvz6agXHW+RbQn18DDuY/NXOcwPFUPdk6ceh9X3P960G:UHfD2S+j56Jmub0aDuYlXOcwPS1k6ceN
Score

10^/10

snakekeylogger collection keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2