snakekeylogger | 06cb67b0451ff35c5387fcfd070a949a980c0b12735abe51cef0c869840b43b5

General

Target

06cb67b0451ff35c5387fcfd070a949a980c0b12735abe51cef0c869840b43b5
Size

553KB
Sample

231023-qre5vsgh6v
MD5

e333a62a712718216c64e23fbd0b61ac
SHA1

d590a8a5b1441d4d1f924d19b61286ff3d6a7ba7
SHA256

06cb67b0451ff35c5387fcfd070a949a980c0b12735abe51cef0c869840b43b5
SHA512

8a7c672595b50c6166b97febb79d3374766353f6aa6e8a7cbb64d1f564ee15d46a16dcc3e0153c509cb4153c65257157466066895bc25740dc7d13aaa1e6ea53
SSDEEP

12288:pn3WUDJhkcRp6ToIOhMJ3kznYhHJEK5jTy3C39zZ:pnGUDrooIOho02HJEUjTy+T

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot6454266704:AAGc7MbDFOw3VJ52r1hPLsjSZvjH8GUmylk/sendMessage?chat_id=1467583453

Targets

- Target
  
  PDA REPORT.exe
- Size
  
  631KB
- MD5
  
  51ffbe020abe8aafe935c763b8a59925
- SHA1
  
  33d35ac918b348c7ee2358ffe3b2acc6e25182fe
- SHA256
  
  7b15eee7380219a4af5a9a5d2380c566c4b54b65d8f548885ad50f502acbd3a5
- SHA512
  
  965755fb0b1df5033ce1e8aaf06f982b23d91830daa98febfcf99f6597730ac95a47b6e12f91435944a77b441fd47decce02b10f5d7f9083916fa39b023d42c8
- SSDEEP
  
  12288:OPhNh6sxTA6qNhGpZSUTXUJ2HI8OPvultmzTc1FxnPzcb1hGrqaX8BXKDaxHh:OPDDxs6gUpA2HI3vultwc1FxY+ZXi
Score

10^/10

snakekeylogger collection keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2