snakekeylogger | f347fc090da11031ce00a0a7fb7330c37c921422939e54d8df7202487f3c15c2 | Triage

Submit
Reports

Overview

overview

Static

static

3

SecuriteIn...64.exe

windows7-x64

SecuriteIn...64.exe

windows10-2004-x64

Sharing

General

Target

SecuriteInfo.com.Win32.KeyloggerX-gen.24670.4764.exe
Size

418KB
Sample

231025-d2hbradg57
MD5

c9af48797367146725c1355060ad6733
SHA1

9a0e59f47659ac02f92ea9d287f6d6dbbc65a4c2
SHA256

f347fc090da11031ce00a0a7fb7330c37c921422939e54d8df7202487f3c15c2
SHA512

68f226bff322257c8a5721989547837d6a8bf5150eb25e91f5012879f9f663fe0007506288927a484c06b69c69e354db67bd4f05d3e8bab9e7c7cf2c254e8ef6
SSDEEP

6144:R/2WTS7RXwn5F8lwOazRkY/loOHO4jUDE2EteYOtYYE2Odtyqd72fJ:RuYF8lwOazxloAqFEtZlYrOiqo

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

SecuriteInfo.com.Win32.KeyloggerX-gen.24670.4764.exe

Resource

win7-20231020-en

snakekeylogger keylogger stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.Win32.KeyloggerX-gen.24670.4764.exe

Resource

win10v2004-20231023-en

snakekeylogger keylogger stealer

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.hahcd.com
Port:
587
Username:
[email protected]
Password:
d5ClGOqbU6HU

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.hahcd.com
Port:
587
Username:
[email protected]
Password:
d5ClGOqbU6HU
Email To:
[email protected]

Targets

- Target
  
  SecuriteInfo.com.Win32.KeyloggerX-gen.24670.4764.exe
- Size
  
  418KB
- MD5
  
  c9af48797367146725c1355060ad6733
- SHA1
  
  9a0e59f47659ac02f92ea9d287f6d6dbbc65a4c2
- SHA256
  
  f347fc090da11031ce00a0a7fb7330c37c921422939e54d8df7202487f3c15c2
- SHA512
  
  68f226bff322257c8a5721989547837d6a8bf5150eb25e91f5012879f9f663fe0007506288927a484c06b69c69e354db67bd4f05d3e8bab9e7c7cf2c254e8ef6
- SSDEEP
  
  6144:R/2WTS7RXwn5F8lwOazRkY/loOHO4jUDE2EteYOtYYE2Odtyqd72fJ:RuYF8lwOazxloAqFEtZlYrOiqo
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy