snakekeylogger | c5ab3a2b0cdee04b6cfd385a634573b3da5857d308b1ad5d107fe913cfe9e97c | Triage

Submit
Reports

Overview

overview

Static

static

3

c5ab3a2b0c...JC.exe

windows7-x64

c5ab3a2b0c...JC.exe

windows10-2004-x64

Sharing

General

Target

c5ab3a2b0cdee04b6cfd385a634573b3da5857d308b1ad5d107fe913cfe9e97c_JC.exe
Size

352KB
Sample

231011-2cdt2agb9x
MD5

136fcb0e5f1f8f01355c76f82f521042
SHA1

1780d6eae94e6aa09caf83160baf9b6100a3bae5
SHA256

c5ab3a2b0cdee04b6cfd385a634573b3da5857d308b1ad5d107fe913cfe9e97c
SHA512

82831d07b00018e16aa5e4f2f3cb0afc8d8c3cb265bfeb81fd0a6f06bd33a895b73b71c723fff733bf79b8d56be6584f745fb84d838bc1ae074ba8109838750c
SSDEEP

6144:GiRg5C/D8frFV5b9mCIcbDqAxuuiqohdrZlhV8zmVIQU4P6AEpiCUBRWalN:GiRHb8xX9bIf+TBobrZKzmVIQUo6AEpa

Score

10^/10

snakekeylogger collection keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c5ab3a2b0cdee04b6cfd385a634573b3da5857d308b1ad5d107fe913cfe9e97c_JC.exe

Resource

win7-20230831-en

snakekeylogger collection keylogger stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

c5ab3a2b0cdee04b6cfd385a634573b3da5857d308b1ad5d107fe913cfe9e97c_JC.exe

Resource

win10v2004-20230915-en

snakekeylogger collection keylogger stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.gkas.com.tr
Port:
587
Username:
[email protected]
Password:
Gkasteknik@2022

Targets

- Target
  
  c5ab3a2b0cdee04b6cfd385a634573b3da5857d308b1ad5d107fe913cfe9e97c_JC.exe
- Size
  
  352KB
- MD5
  
  136fcb0e5f1f8f01355c76f82f521042
- SHA1
  
  1780d6eae94e6aa09caf83160baf9b6100a3bae5
- SHA256
  
  c5ab3a2b0cdee04b6cfd385a634573b3da5857d308b1ad5d107fe913cfe9e97c
- SHA512
  
  82831d07b00018e16aa5e4f2f3cb0afc8d8c3cb265bfeb81fd0a6f06bd33a895b73b71c723fff733bf79b8d56be6584f745fb84d838bc1ae074ba8109838750c
- SSDEEP
  
  6144:GiRg5C/D8frFV5b9mCIcbDqAxuuiqohdrZlhV8zmVIQU4P6AEpiCUBRWalN:GiRHb8xX9bIf+TBobrZKzmVIQUo6AEpa
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerstealer

behavioral2

snakekeyloggercollectionkeyloggerstealer

© 2018-2024

Terms | Privacy