snakekeylogger | bebc0029d94116ae2f1d7ae6ce0f91376a188a90e0da62cc53030c831cfc0d45 | Triage

Submit
Reports

Overview

overview

Static

static

3

URGENT RFQ...10.exe

windows7-x64

1

URGENT RFQ...10.exe

windows10-2004-x64

Sharing

General

Target

bebc0029d94116ae2f1d7ae6ce0f91376a188a90e0da62cc53030c831cfc0d45
Size

279KB
Sample

231027-lq894ade5v
MD5

f634c1f4e55329dbed158a66e007e3ab
SHA1

2444c0ac1b2628410cc7795a2454386c2bcb36b5
SHA256

bebc0029d94116ae2f1d7ae6ce0f91376a188a90e0da62cc53030c831cfc0d45
SHA512

7c51e804ea1a515c8d0854fc99da514756831ba38527d549c919f216881f615e56a56f35358d291ad59252c258fc9b135090c9d36425a68c34898713943ec706
SSDEEP

6144:I/gFXB5GkmEcLHpytKZjTraAW4mT0gF33rn3GJRVnHxOYJKEfU:I/Ybyp2KvWemwgxLInROwRc

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

URGENT RFQ! RFP82810.exe

Resource

win7-20231025-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

URGENT RFQ! RFP82810.exe

Resource

win10v2004-20231023-en

snakekeylogger keylogger stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.alsarisi.com
Port:
587
Username:
[email protected]
Password:
May$2009
Email To:
[email protected]

Targets

- Target
  
  URGENT RFQ! RFP82810.exe
- Size
  
  329KB
- MD5
  
  42df97789a51cb7ba473e6f447e83989
- SHA1
  
  400e3f2bc880dd690e4dcbfd8024995e83347d9d
- SHA256
  
  73dc704c3a82e161c621cdbd9164c9ee86ccb8b7fa0dcfc8f03ce40335c8604e
- SHA512
  
  0b3b26bb8d131fc506d9e3be57b1ef7d9c51f46a7dc9529bc4657a90767e09997e5675c91a2e83772ab4602b2c923d840ff5c708a831c24cf38b570eec6c023d
- SSDEEP
  
  6144:/CKQBMNitGsC/UJiQ2+423iCn3XgIqFsPe35bgaGPEQD:/fQ67sCYiX23PXbqL35bgaGf
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy