snakekeylogger | ed8cfc8dd9908228257dec0b030319c9def084575bd9d0cfab58bdb0f84239da | Triage

Submit
Reports

Overview

overview

Static

static

1

21092023.exe

windows7-x64

21092023.exe

windows10-2004-x64

Sharing

General

Target

21092023_ipek_dekont.img
Size

1.6MB
Sample

231011-rl4fyacf8x
MD5

283d56d24946c78fd75397598d906cde
SHA1

7efee7798001e7e743f965bb948aa246640431bb
SHA256

ed8cfc8dd9908228257dec0b030319c9def084575bd9d0cfab58bdb0f84239da
SHA512

7734505c815e14e76b3c87e92b22a4408d37379695e20502530adf252794e556e75ab50e69c9e607e6439a011bc8e1c06d19b5d196695388bfb3515fb909788d
SSDEEP

24576:A8TlJceTIVdxxhi5j/AuqQmwAotLk3y+mAR9:A8ff07iRPAcLkh9

Score

10^/10

snakekeylogger collection evasion keylogger persistence stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

21092023.exe

Resource

win7-20230831-en

snakekeylogger evasion keylogger persistence stealer trojan

windows7-x64

21 signatures

150 seconds

Behavioral task

behavioral2

Sample

21092023.exe

Resource

win10v2004-20230915-en

snakekeylogger collection evasion keylogger persistence stealer trojan

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.gkas.com.tr
Port:
587
Username:
[email protected]
Password:
Gkasteknik@2022

Targets

- Target
  
  21092023.EXE
- Size
  
  1.0MB
- MD5
  
  2adc2be8ef4b654152194a3796e6b8b5
- SHA1
  
  a18cca8454ab68afc6cb9468ac6f6a2cd346f6ab
- SHA256
  
  c95ab1148740d3e9c48d27281fdeaab2922f9862a80398a006d333a86d852acb
- SHA512
  
  bb2ddb06a646ede69d6a14266dc5c87e49b5bcaadd0387b53563b43bbad57d03401ec521c86099015f0825716024460d65fc4c5e7f9fe282de053382809a19b5
- SSDEEP
  
  24576:t8TlJceTIVdxxhi5j/AuqQmwAotLk3y+mAR9M:t8ff07iRPAcLkh9M
Score

10^/10

snakekeylogger evasion keylogger persistence stealer trojan collection
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Windows security modification
  evasion trojan
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scripting

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggerevasionkeyloggerpersistencestealertrojan

behavioral2

snakekeyloggercollectionevasionkeyloggerpersistencestealertrojan

© 2018-2024

Terms | Privacy