snakekeylogger | e61dc30af3bae04f163df687e66592073621fd84933988e36105405f38053c45 | Triage

Submit
Reports

Overview

overview

Static

static

3

PO 534243.exe

windows7-x64

PO 534243.exe

windows10-2004-x64

Sharing

General

Target

PO 534243.exe
Size

560KB
Sample

231012-tywyqsbc91
MD5

bcc7c8a06cf4c1e386bc12606ebf000d
SHA1

55b2aaf6543d97d94095e340f74faef46a5f4f1f
SHA256

e61dc30af3bae04f163df687e66592073621fd84933988e36105405f38053c45
SHA512

374c3756f5cdb28703c6b0700e5b4f6a79d97f164ea7a02d9a1e5a6af89c1377f78a628bebb7e447c6772ab6db469e697599981ecad8397b51a5e5ada95f2094
SSDEEP

12288:FYaAfDuHOXRjIMsKZ6/NXbMxB/S98AC1bvB6kpYbIGscnbaLncanF4:FYagLhsLNrmB/SrC5vBkbfnGcuF

Score

10^/10

snakekeylogger collection keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

PO 534243.exe

Resource

win7-20230831-en

snakekeylogger collection keylogger stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

PO 534243.exe

Resource

win10v2004-20230915-en

snakekeylogger collection keylogger stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.xantara.com.my
Port:
587
Username:
[email protected]
Password:
Limetree342983!
Email To:
[email protected]

Targets

- Target
  
  PO 534243.exe
- Size
  
  560KB
- MD5
  
  bcc7c8a06cf4c1e386bc12606ebf000d
- SHA1
  
  55b2aaf6543d97d94095e340f74faef46a5f4f1f
- SHA256
  
  e61dc30af3bae04f163df687e66592073621fd84933988e36105405f38053c45
- SHA512
  
  374c3756f5cdb28703c6b0700e5b4f6a79d97f164ea7a02d9a1e5a6af89c1377f78a628bebb7e447c6772ab6db469e697599981ecad8397b51a5e5ada95f2094
- SSDEEP
  
  12288:FYaAfDuHOXRjIMsKZ6/NXbMxB/S98AC1bvB6kpYbIGscnbaLncanF4:FYagLhsLNrmB/SrC5vBkbfnGcuF
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerstealer

behavioral2

snakekeyloggercollectionkeyloggerstealer

© 2018-2024

Terms | Privacy