snakekeylogger | dddff6842dea7df6bf5a2b9d1eec7b6a800cc13d829e1146a795c64cdafe3661

General

Target

NEAS.NEASNEASdddff6842dea7df6bf5a2b9d1eec7b6a800cc13d829e1146a795c64cdafe3661rarrarrar_JC.rar
Size

497KB
Sample

231018-xl8njsbc75
MD5

1c303457fdadd02d4847cbb1278725f6
SHA1

7bd20b953420b1a1942a287b0540c024b003ce66
SHA256

dddff6842dea7df6bf5a2b9d1eec7b6a800cc13d829e1146a795c64cdafe3661
SHA512

b43dfaa1e2ecf98d60bf4fbd2cffdb5bf2cc019d5ab1892e7d013dbb6cb40172399c94fa9a5b893ffed573be4a954d606207c9c42164a128dd05234211b2a063
SSDEEP

12288:tfPJush4A0ZiQGdzEBSwvkXrLo6k3zlLCfV0o:toEQ8okvAlWfV0o

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot6675795591:AAHOLjdFZlj5nOPVfUfGykzyEUFz4fRG_10/sendMessage?chat_id=6131056872

Targets

- Target
  
  Swift.txt.exe
- Size
  
  532KB
- MD5
  
  12bbcd47078601a66f15749bca45573a
- SHA1
  
  ea72daecddca36a8acff3c0a8c059e76dde79aff
- SHA256
  
  c41b3639173707dfe1b070b92c1b3ed4ed451be6595fa150b930a7dfc4efd2af
- SHA512
  
  986c1087b8f2d0851389911b6b8c08f6453b602fc633bf3cdfc484a4cb2513af63dd8cac059ff3c15601c4855a7cb5544f991a76c6802653fa3863e9ad086a1a
- SSDEEP
  
  12288:nBLXmsrJM1lmxJm83L6XD4JZyGdDtlUWZJs8UcGf:BLWiMAb3ubGLljnl/Gf
Score

10^/10

snakekeylogger collection keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2