snakekeylogger | c9f2aae3eae18a283ef2a868116c01d80c9e0e9588ae125c7e842f928d31acff | Triage

Submit
Reports

Overview

overview

Static

static

1

c9f2aae3ea...ff.exe

windows7-x64

c9f2aae3ea...ff.exe

windows10-2004-x64

Sharing

General

Target

c9f2aae3eae18a283ef2a868116c01d80c9e0e9588ae125c7e842f928d31acff.exe
Size

692KB
Sample

231011-q2y1qaag3z
MD5

f0683bb61a43a8dd7061dbd8ee3af88b
SHA1

c94587218dc3ce9bd66e7ebe23c720ca50afd989
SHA256

c9f2aae3eae18a283ef2a868116c01d80c9e0e9588ae125c7e842f928d31acff
SHA512

7bc496ee73cbc6d5fa86edde2154c50cdc2aedc50fb98f368fecb30294888e1a59ec507d23a4b5b4ab2dee5dad22ea868caaea2e1b56d7e76f70b57567a5e2d7
SSDEEP

12288:x8avfjKnHHYHq03Lytq3SRlW5cY26RTTmsp2TDNJ0/el69Q01ZLkrai9i+Plb5py:x8ef8HCbB2W57/TTmq2TDNJ0mM9NipgH

Score

10^/10

snakekeylogger collection evasion keylogger persistence stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

c9f2aae3eae18a283ef2a868116c01d80c9e0e9588ae125c7e842f928d31acff.exe

Resource

win7-20230831-en

snakekeylogger evasion keylogger persistence stealer trojan

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

c9f2aae3eae18a283ef2a868116c01d80c9e0e9588ae125c7e842f928d31acff.exe

Resource

win10v2004-20230915-en

snakekeylogger collection evasion keylogger persistence stealer trojan

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.gkas.com.tr
Port:
587
Username:
[email protected]
Password:
Gkasteknik@2022

Targets

- Target
  
  c9f2aae3eae18a283ef2a868116c01d80c9e0e9588ae125c7e842f928d31acff.exe
- Size
  
  692KB
- MD5
  
  f0683bb61a43a8dd7061dbd8ee3af88b
- SHA1
  
  c94587218dc3ce9bd66e7ebe23c720ca50afd989
- SHA256
  
  c9f2aae3eae18a283ef2a868116c01d80c9e0e9588ae125c7e842f928d31acff
- SHA512
  
  7bc496ee73cbc6d5fa86edde2154c50cdc2aedc50fb98f368fecb30294888e1a59ec507d23a4b5b4ab2dee5dad22ea868caaea2e1b56d7e76f70b57567a5e2d7
- SSDEEP
  
  12288:x8avfjKnHHYHq03Lytq3SRlW5cY26RTTmsp2TDNJ0/el69Q01ZLkrai9i+Plb5py:x8ef8HCbB2W57/TTmq2TDNJ0mM9NipgH
Score

10^/10

snakekeylogger evasion keylogger persistence stealer trojan collection
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggerevasionkeyloggerpersistencestealertrojan

behavioral2

snakekeyloggercollectionevasionkeyloggerpersistencestealertrojan

© 2018-2024

Terms | Privacy