snakekeylogger | 16f9ece070a18550dedbb5e3bb6f256d79e9853b2d3e049dba379cba0ea4b738

General

Target

Product 3.exe
Size

366KB
Sample

231022-h7tn7aea8z
MD5

3c1ade1441ef11aed8496b742eab197b
SHA1

06ebde82c367791c03196888fb2fcc7721296564
SHA256

16f9ece070a18550dedbb5e3bb6f256d79e9853b2d3e049dba379cba0ea4b738
SHA512

79f35c1f552040fd3f5273aa288bbcc86662a325dc9fd5c1817d127568a5edd3337c9b124583c3e09d07c446dcdc2b6b515227ec0d987b6b8444f342046715a6
SSDEEP

6144:L0nJBIKD2SJMz2dR8rZNlvzGSTo5xBB9VVh8YZWUBwDPlj3y4QTdk6ceh9X3P92D:sJfD2S+nRqx39Xh88VBIlzy4Qpk6ceXx

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot6243209595:AAGECSmdSqJiVZcdFoBvotoaKcKT9Lz5Gvw/sendMessage?chat_id=1070926352

Targets

- Target
  
  Product 3.exe
- Size
  
  366KB
- MD5
  
  3c1ade1441ef11aed8496b742eab197b
- SHA1
  
  06ebde82c367791c03196888fb2fcc7721296564
- SHA256
  
  16f9ece070a18550dedbb5e3bb6f256d79e9853b2d3e049dba379cba0ea4b738
- SHA512
  
  79f35c1f552040fd3f5273aa288bbcc86662a325dc9fd5c1817d127568a5edd3337c9b124583c3e09d07c446dcdc2b6b515227ec0d987b6b8444f342046715a6
- SSDEEP
  
  6144:L0nJBIKD2SJMz2dR8rZNlvzGSTo5xBB9VVh8YZWUBwDPlj3y4QTdk6ceh9X3P92D:sJfD2S+nRqx39Xh88VBIlzy4Qpk6ceXx
Score

10^/10

snakekeylogger collection keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2