snakekeylogger | cd35f2049e2d52ad861549173a06f04df54a67ab7b7411ef5af51320de45039d | Triage

Submit
Reports

Overview

overview

Static

static

3

NEAS.NEASN...JC.exe

windows7-x64

NEAS.NEASN...JC.exe

windows10-2004-x64

Sharing

General

Target

NEAS.NEASNEAScd35f2049e2d52ad861549173a06f04df54a67ab7b7411ef5af51320de45039dexeexeexe_JC.exe
Size

530KB
Sample

231018-xgz6lsbb85
MD5

2646f36c014d4f64fc466dd76f4b5c6e
SHA1

82b128585b00bd33e916c5d3b2461ad8096ae3cb
SHA256

cd35f2049e2d52ad861549173a06f04df54a67ab7b7411ef5af51320de45039d
SHA512

92b65f090b6196ae5e607303c6de4fed10804c7974830e58a92461d064c25dcdb6a91ffa8941b651cf33420cace98b35868326d3120973be7c9afbee7e11388c
SSDEEP

12288:kBLXmsrJM12jMvEJQpCztZsu/K1YfiL8Q+WtyMpq0N:kLWiMcjMMwCztZy1YfTQ5N

Score

10^/10

snakekeylogger collection keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

NEAS.NEASNEAScd35f2049e2d52ad861549173a06f04df54a67ab7b7411ef5af51320de45039dexeexeexe_JC.exe

Resource

win7-20230831-en

snakekeylogger collection keylogger stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

NEAS.NEASNEAScd35f2049e2d52ad861549173a06f04df54a67ab7b7411ef5af51320de45039dexeexeexe_JC.exe

Resource

win10v2004-20230915-en

snakekeylogger collection keylogger stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.polyfabonline.com
Port:
587
Username:
[email protected]
Password:
0zswhWSLWT_C
Email To:
[email protected]

Targets

- Target
  
  NEAS.NEASNEAScd35f2049e2d52ad861549173a06f04df54a67ab7b7411ef5af51320de45039dexeexeexe_JC.exe
- Size
  
  530KB
- MD5
  
  2646f36c014d4f64fc466dd76f4b5c6e
- SHA1
  
  82b128585b00bd33e916c5d3b2461ad8096ae3cb
- SHA256
  
  cd35f2049e2d52ad861549173a06f04df54a67ab7b7411ef5af51320de45039d
- SHA512
  
  92b65f090b6196ae5e607303c6de4fed10804c7974830e58a92461d064c25dcdb6a91ffa8941b651cf33420cace98b35868326d3120973be7c9afbee7e11388c
- SSDEEP
  
  12288:kBLXmsrJM12jMvEJQpCztZsu/K1YfiL8Q+WtyMpq0N:kLWiMcjMMwCztZy1YfTQ5N
Score

10^/10

snakekeylogger collection keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggercollectionkeyloggerstealer

behavioral2

snakekeyloggercollectionkeyloggerstealer

© 2018-2024

Terms | Privacy