snakekeylogger | 2112511c1c89e31166b8f78a48124baf61c198b62a95ed3a2a73a01f4fe4d4d1

General

Target

2112511c1c89e31166b8f78a48124baf61c198b62a95ed3a2a73a01f4fe4d4d1
Size

282KB
Sample

231018-cc71faca22
MD5

4beebc87c25e85df60f72b637069bcd5
SHA1

c034af82eb5daeeb2710cc3d5e7db500c619003d
SHA256

2112511c1c89e31166b8f78a48124baf61c198b62a95ed3a2a73a01f4fe4d4d1
SHA512

061deaa4c642fb1aaa761528e952b07be23a9c9865053381567195f1cd6bffc30b0eeb9624ccb6a25a3ac363cb8d22708d2ec742c82c81dc9a899062fa768109
SSDEEP

6144:KA7mjL4OhBWYjj2/tTXwY6VsN5jJu0UT8QdnXMOhHtuOKtRyrt:KA7mYOhIYjypAY6VsTjJz4jtMOhHIhgx

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.cbrlandscapers.com.au
Port:
587
Username:
[email protected]
Password:
Enter@247

Extracted

Credentials

Protocol: smtp
Host:
mail.cbrlandscapers.com.au
Port:
587
Username:
[email protected]
Password:
Enter@247

Targets

- Target
  
  Payment Confirmation.exe
- Size
  
  367KB
- MD5
  
  2a1a5cc3ca7f6824e6828bbf62d12941
- SHA1
  
  563001a47df408ffca7d1d9809fd76d39d0ced3e
- SHA256
  
  02d215970fa4a7280c152a5266161bdc4a8167bf384442f0c89039189d47f4cf
- SHA512
  
  979ce4bc6fbade35dbfb55401816ae2149b4ece7d4defaa1fc822d1e426ca7c7016d20e4d1b84654076daf2f7f3025478f9cb80a81267370f34bfe46af0d8089
- SSDEEP
  
  6144:RcfOazRkwtd9wSPqInJVwEjceYOtYYE2Odtyqd72fOsA:WfOazBD9wGDMEjcZlYrOiqoo
Score

10^/10

snakekeylogger collection keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2