snakekeylogger | 62c1d71fff5293071772735f75960544716be3c3ee5996c6889f3ef3b4e7bcec | Triage

Sharing

General

Target

Qqiodttyb.exe
Size

22KB
Sample

231011-x5hw8sgf7t
MD5

18ca50ce46f3936a2fc9def3f45b5525
SHA1

611fc5292204652425f972fa13e77c75e40a95d7
SHA256

62c1d71fff5293071772735f75960544716be3c3ee5996c6889f3ef3b4e7bcec
SHA512

b9d362a2f862868935b637ee1a3bf27fe67b5302f43c677fae5cb1ceab245851589b87ecb7b041a3d1733a4d3abba41b9259e32be38a4c7099a4e6372ebf791d
SSDEEP

384:yOwBKtL2M2APL6yRqtxAx+roEOsVK/KO+sB6fea:8fs3RqtGx+roAYP+97

Score

10^/10

snakekeylogger collection keylogger persistence stealer

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot6675876060:AAEydIMROdr0XsdBN7fk_mjJRQvyv_ectv4/sendMessage?chat_id=5262627523

Targets

- Target
  
  Qqiodttyb.exe
- Size
  
  22KB
- MD5
  
  18ca50ce46f3936a2fc9def3f45b5525
- SHA1
  
  611fc5292204652425f972fa13e77c75e40a95d7
- SHA256
  
  62c1d71fff5293071772735f75960544716be3c3ee5996c6889f3ef3b4e7bcec
- SHA512
  
  b9d362a2f862868935b637ee1a3bf27fe67b5302f43c677fae5cb1ceab245851589b87ecb7b041a3d1733a4d3abba41b9259e32be38a4c7099a4e6372ebf791d
- SSDEEP
  
  384:yOwBKtL2M2APL6yRqtxAx+roEOsVK/KO+sB6fea:8fs3RqtGx+roAYP+97
Score

10^/10

snakekeylogger collection keylogger persistence stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

snakekeyloggercollectionkeyloggerpersistencestealer