snakekeylogger | fc4b30802da59aafff89ecc9cac8981c35109b22cbdff3049bc1df46ca1543d6

General

Target

Qz8jD8IBXlSH0Gp.exe
Size

682KB
Sample

231011-hsqc8age81
MD5

2ba38d110d7f63bef0ec0dc14bd71f9a
SHA1

32b24d9e7227516f58ee1928872af6f6a3dd98b4
SHA256

fc4b30802da59aafff89ecc9cac8981c35109b22cbdff3049bc1df46ca1543d6
SHA512

9afd44f8de1ff974f915b4968270adb3be7a770179113b694247a48b6ac2c31b8a374fa06e95a5182253b4e7c5e14ef32fec9a0906b09980e5bbddd0d19eff0a
SSDEEP

12288:J80WWObWINS+bX4QJNmzgSi7e/HxqQSRsrY0yTT2Vqsy3kxi4bTlmS:V4bNSaIoNOgSiqoQSRsrvyTaG3YTlm

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot6672846419:AAFSAihbjn4BiXgm0YY8G7ozGP9JeR3fpi4/sendMessage?chat_id=6469857895

Targets

- Target
  
  Qz8jD8IBXlSH0Gp.exe
- Size
  
  682KB
- MD5
  
  2ba38d110d7f63bef0ec0dc14bd71f9a
- SHA1
  
  32b24d9e7227516f58ee1928872af6f6a3dd98b4
- SHA256
  
  fc4b30802da59aafff89ecc9cac8981c35109b22cbdff3049bc1df46ca1543d6
- SHA512
  
  9afd44f8de1ff974f915b4968270adb3be7a770179113b694247a48b6ac2c31b8a374fa06e95a5182253b4e7c5e14ef32fec9a0906b09980e5bbddd0d19eff0a
- SSDEEP
  
  12288:J80WWObWINS+bX4QJNmzgSi7e/HxqQSRsrY0yTT2Vqsy3kxi4bTlmS:V4bNSaIoNOgSiqoQSRsrvyTaG3YTlm
Score

10^/10

snakekeylogger collection keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2